#ifndef _PH_KPHUSER_H #define _PH_KPHUSER_H #include #ifdef __cplusplus extern "C" { #endif typedef struct _KPH_PARAMETERS { KPH_SECURITY_LEVEL SecurityLevel; BOOLEAN CreateDynamicConfiguration; } KPH_PARAMETERS, *PKPH_PARAMETERS; PHLIBAPI NTSTATUS NTAPI KphConnect( _In_opt_ PWSTR DeviceName ); PHLIBAPI NTSTATUS NTAPI KphConnect2( _In_opt_ PWSTR DeviceName, _In_ PWSTR FileName ); PHLIBAPI NTSTATUS NTAPI KphConnect2Ex( _In_opt_ PWSTR DeviceName, _In_ PWSTR FileName, _In_opt_ PKPH_PARAMETERS Parameters ); PHLIBAPI NTSTATUS NTAPI KphDisconnect( VOID ); PHLIBAPI BOOLEAN NTAPI KphIsConnected( VOID ); PHLIBAPI BOOLEAN NTAPI KphIsVerified( VOID ); PHLIBAPI NTSTATUS NTAPI KphSetParameters( _In_opt_ PWSTR DeviceName, _In_ PKPH_PARAMETERS Parameters ); PHLIBAPI NTSTATUS NTAPI KphInstall( _In_opt_ PWSTR DeviceName, _In_ PWSTR FileName ); PHLIBAPI NTSTATUS NTAPI KphInstallEx( _In_opt_ PWSTR DeviceName, _In_ PWSTR FileName, _In_opt_ PKPH_PARAMETERS Parameters ); PHLIBAPI NTSTATUS NTAPI KphUninstall( _In_opt_ PWSTR DeviceName ); PHLIBAPI NTSTATUS NTAPI KphGetFeatures( _Out_ PULONG Features ); PHLIBAPI NTSTATUS NTAPI KphVerifyClient( _In_reads_bytes_(SignatureSize) PUCHAR Signature, _In_ ULONG SignatureSize ); PHLIBAPI NTSTATUS NTAPI KphOpenProcess( _Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ PCLIENT_ID ClientId ); PHLIBAPI NTSTATUS NTAPI KphOpenProcessToken( _In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle ); PHLIBAPI NTSTATUS NTAPI KphOpenProcessJob( _In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE JobHandle ); PHLIBAPI NTSTATUS NTAPI KphTerminateProcess( _In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus ); PHLIBAPI NTSTATUS NTAPI KphReadVirtualMemoryUnsafe( _In_opt_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_writes_bytes_(BufferSize) PVOID Buffer, _In_ SIZE_T BufferSize, _Out_opt_ PSIZE_T NumberOfBytesRead ); PHLIBAPI NTSTATUS NTAPI KphQueryInformationProcess( _In_ HANDLE ProcessHandle, _In_ KPH_PROCESS_INFORMATION_CLASS ProcessInformationClass, _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength ); PHLIBAPI NTSTATUS NTAPI KphSetInformationProcess( _In_ HANDLE ProcessHandle, _In_ KPH_PROCESS_INFORMATION_CLASS ProcessInformationClass, _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, _In_ ULONG ProcessInformationLength ); PHLIBAPI NTSTATUS NTAPI KphOpenThread( _Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ PCLIENT_ID ClientId ); PHLIBAPI NTSTATUS NTAPI KphOpenThreadProcess( _In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE ProcessHandle ); PHLIBAPI NTSTATUS NTAPI KphCaptureStackBackTraceThread( _In_ HANDLE ThreadHandle, _In_ ULONG FramesToSkip, _In_ ULONG FramesToCapture, _Out_writes_(FramesToCapture) PVOID *BackTrace, _Out_opt_ PULONG CapturedFrames, _Out_opt_ PULONG BackTraceHash ); PHLIBAPI NTSTATUS NTAPI KphQueryInformationThread( _In_ HANDLE ThreadHandle, _In_ KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, _Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength ); PHLIBAPI NTSTATUS NTAPI KphSetInformationThread( _In_ HANDLE ThreadHandle, _In_ KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength ); PHLIBAPI NTSTATUS NTAPI KphEnumerateProcessHandles( _In_ HANDLE ProcessHandle, _Out_writes_bytes_(BufferLength) PVOID Buffer, _In_opt_ ULONG BufferLength, _Out_opt_ PULONG ReturnLength ); PHLIBAPI NTSTATUS NTAPI KphEnumerateProcessHandles2( _In_ HANDLE ProcessHandle, _Out_ PKPH_PROCESS_HANDLE_INFORMATION *Handles ); PHLIBAPI NTSTATUS NTAPI KphQueryInformationObject( _In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ KPH_OBJECT_INFORMATION_CLASS ObjectInformationClass, _Out_writes_bytes_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength, _Out_opt_ PULONG ReturnLength ); PHLIBAPI NTSTATUS NTAPI KphSetInformationObject( _In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ KPH_OBJECT_INFORMATION_CLASS ObjectInformationClass, _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength ); PHLIBAPI NTSTATUS NTAPI KphOpenDriver( _Out_ PHANDLE DriverHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); PHLIBAPI NTSTATUS NTAPI KphQueryInformationDriver( _In_ HANDLE DriverHandle, _In_ DRIVER_INFORMATION_CLASS DriverInformationClass, _Out_writes_bytes_(DriverInformationLength) PVOID DriverInformation, _In_ ULONG DriverInformationLength, _Out_opt_ PULONG ReturnLength ); // kphdata PHLIBAPI NTSTATUS NTAPI KphInitializeDynamicPackage( _Out_ PKPH_DYN_PACKAGE Package ); #ifdef __cplusplus } #endif #endif