mutant.c

来自「臭氧层主动防御系统驱动源代码!臭氧层主动防御系统驱动源代码!」· C语言代码 · 共 152 行

152 行

/*
 * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
 *
 * Module Name:
 *
 *		mutant.c
 *
 * Abstract:
 *
 *		This module implements various mutant (mutex) hooking routines.
 *
 * Author:
 *
 *		Eugene Tsyrklevich 25-Mar-2004
 *
 * Revision History:
 *
 *		None.
 */


#include "mutant.h"


#ifdef ALLOC_PRAGMA
#pragma alloc_text (INIT, InitMutantHooks)
#endif


fpZwCreateMutant	OriginalNtCreateMutant = NULL;
fpZwOpenMutant		OriginalNtOpenMutant = NULL;


/*
 * HookedNtCreateMutant()
 *
 * Description:
 *		This function mediates the NtCreateMutant() system service and checks the
 *		provided mutant name against the global and current process security policies.
 *
 *		NOTE: ZwCreateMutant creates or opens a mutant object. [NAR]
 *
 * Parameters:
 *		Those of NtCreateMutant().
 *
 * Returns:
 *		STATUS_ACCESS_DENIED if the call does not pass the security policy check.
 *		Otherwise, NTSTATUS returned by NtCreateMutant().
 */

NTSTATUS
NTAPI
HookedNtCreateMutant
(
	OUT PHANDLE MutantHandle,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes,
	IN BOOLEAN InitialOwner
)
{
	PCHAR	FunctionName = "HookedNtCreateMutant";


	HOOK_ROUTINE_START(MUTANT);


	ASSERT(OriginalNtCreateMutant);

	rc = OriginalNtCreateMutant(MutantHandle, DesiredAccess, ObjectAttributes, InitialOwner);


	HOOK_ROUTINE_FINISH(MUTANT);
}



/*
 * HookedNtOpenMutant()
 *
 * Description:
 *		This function mediates the NtOpenMutant() system service and checks the
 *		provided mutant name against the global and current process security policies.
 *
 *		NOTE: ZwOpenMutant opens a mutant object. [NAR]
 *
 * Parameters:
 *		Those of NtOpenMutant().
 *
 * Returns:
 *		STATUS_ACCESS_DENIED if the call does not pass the security policy check.
 *		Otherwise, NTSTATUS returned by NtOpenMutant().
 */

NTSTATUS
NTAPI
HookedNtOpenMutant
(
	OUT PHANDLE MutantHandle,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes
)
{
	PCHAR	FunctionName = "HookedNtOpenMutant";


	HOOK_ROUTINE_START(MUTANT);


	ASSERT(OriginalNtOpenMutant);

	rc = OriginalNtOpenMutant(MutantHandle, DesiredAccess, ObjectAttributes);


	HOOK_ROUTINE_FINISH(MUTANT);
}



/*
 * InitMutantHooks()
 *
 * Description:
 *		Initializes all the mediated mutant operation pointers. The "OriginalFunction" pointers
 *		are initialized by InstallSyscallsHooks() that must be called prior to this function.
 *
 *		NOTE: Called once during driver initialization (DriverEntry()).
 *
 * Parameters:
 *		None.
 *
 * Returns:
 *		TRUE to indicate success, FALSE if failed.
 */

BOOLEAN
InitMutantHooks()
{
	if ( (OriginalNtCreateMutant = (fpZwCreateMutant) ZwCalls[ZW_CREATE_MUTANT_INDEX].OriginalFunction) == NULL)
	{
		LOG(LOG_SS_MUTANT, LOG_PRIORITY_DEBUG, ("InitMutantHooks: OriginalNtCreateMutant is NULL\n"));
		return FALSE;
	}

	if ( (OriginalNtOpenMutant = (fpZwOpenMutant) ZwCalls[ZW_OPEN_MUTANT_INDEX].OriginalFunction) == NULL)
	{
		LOG(LOG_SS_MUTANT, LOG_PRIORITY_DEBUG, ("InitMutantHooks: OriginalNtOpenMutant is NULL\n"));
		return FALSE;
	}

	return TRUE;
}

mutant.c - 源码说明

本页面展示了「臭氧层主动防御系统驱动源代码!臭氧层主动防御系统驱动源代码!」中的 mutant.c 源码文件，采用 C语言编程语言编写，共 152 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与臭氧相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?