Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
support.h
Abstract:
Internal support interfaces for the standard application verifier provider.
Author:
Silviu Calinoiu (SilviuC) 1-Mar-2001
Revision History:
--*/
#ifndef _SUPPORT_H_
#define _SUPPORT_H_
//
// Security checks
//
VOIDCheckObjectAttributes ( POBJECT_ATTRIBUTES Object ); //
// Handle management
//
#define MAX_TRACE_DEPTH 16
#define HANDLE_TYPE_UNKNOWN 0
#define HANDLE_TYPE_NTDLL 1
#define HANDLE_TYPE_FILE 2
#define HANDLE_TYPE_SECTION 3
typedef struct _AVRF_HANDLE {
LIST_ENTRY Links;
struct {
ULONG Type : 30; ULONG Delayed : 1; }; HANDLE Handle; PWSTR Name; PVOID Context; PVOID Trace [MAX_TRACE_DEPTH];
} AVRF_HANDLE, *PAVRF_HANDLE;
VOIDHandleInitialize ( );
PAVRF_HANDLEHandleFind ( HANDLE Handle );
PWSTR HandleName ( PAVRF_HANDLE Handle );
PAVRF_HANDLEHandleAdd ( HANDLE Handle, ULONG Type, BOOLEAN Delayed, PWSTR Name, PVOID Context );
VOIDHandleDelete ( HANDLE Handle, PAVRF_HANDLE Entry );
VOIDHandleDump ( HANDLE Handle );
//
// Virtual space operations tracking
//
typedef enum _VS_CALL_TYPE { VsVirtualAlloc = 0, VsVirtualFree = 1, VsMapView = 2, VsUnmapView = 3} VS_CALL_TYPE;
VOIDVsLogCall ( VS_CALL_TYPE Type, PVOID Address, SIZE_T Size, ULONG Operation, ULONG Protection );
//
// Heap operations tracking
//
VOIDHeapLogCall ( PVOID Address, SIZE_T Size );
//
// Write garbage in unused areas of stack.
//
VOIDAVrfpDirtyThreadStack ( );
//
// Standard function used for hooked CreateThread.
//
typedef struct _AVRF_THREAD_INFO {
PTHREAD_START_ROUTINE Function; PVOID Parameter;
} AVRF_THREAD_INFO, * PAVRF_THREAD_INFO;
DWORDWINAPIAVrfpStandardThreadFunction ( LPVOID Info );
VOIDAVrfpCheckThreadTermination ( VOID );
#endif // _SUPPORT_H_
|
