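#pragma once
/* NOTE: _UTIL_H is a reserved-style identifier (leading underscore + uppercase);
 * it is kept unchanged because other translation units may test it. */
#ifndef _UTIL_H
#define _UTIL_H

/* Windows release identifiers.
 * The values are NOT in chronological order (Win7/Win8 precede Vista/XP), so
 * never compare them with < / > to mean "newer than"; compare for equality
 * or map through an explicit table.
 * Presumably the value space returned by UGetKernelVersion() — confirm. */
enum OS_VERSION {
    WinUndefined = 0,
    Win7,
    Win8,
    WinVista,
    WinXP,
    Win2k3,
    Win2k,
    Win10,
    Win11
};

/* -----------------------------------------------------------------------------
 * [Struct definition] Single structure holding all information about a volume.
 * Filled in by GetAllVolumeDetails().
 * VolumeLabel / FileSystemName hold 64 WCHARs each; a writer must leave room
 * for the terminating NUL (at most 63 characters of text).
 * ----------------------------------------------------------------------------- */
typedef struct _VOLUME_DETAILS {
    /* 1. Basic identification */
    WCHAR VolumeLabel[64];          /* volume name (e.g. Windows) */
    WCHAR FileSystemName[64];       /* file system (e.g. NTFS, FAT32) */
    ULONG VolumeSerialNumber;       /* serial number */
    GUID  VolumeGuid;               /* volume GUID (Win10 and later) */

    /* 2. Capacity (in bytes) */
    LONGLONG TotalBytes;            /* total size */
    LONGLONG FreeBytes;             /* free (usable) size */

    /* 3. Device characteristics */
    ULONG DeviceType;               /* device type (DISK, CDROM, ...) */
    ULONG DeviceCharacteristics;    /* characteristics (Removable, ...) */
    ULONG FileSystemAttributes;     /* attributes (ReadOnly, Compressed, ...) */

    /* 4. Sector details (Win7 and later) */
    ULONG PhysicalBytesPerSector;   /* physical sector size (e.g. 4K) */
    ULONG LogicalBytesPerSector;    /* logical sector size (e.g. 512) */
} VOLUME_DETAILS, *PVOLUME_DETAILS;

/* Byte-offset pointer arithmetic: returns (b + o) as PVOID.
 * Both arguments are fully parenthesized so that expressions such as
 * GetPtr(base + 1, off) bind as intended (the original casts bound tighter
 * than the argument expression). The caller must ensure that o lies within
 * the object addressed by b; the macro performs no bounds check. */
#define GetPtr(b, o) ((PVOID)(((ULONG_PTR)(b)) + ((ULONG_PTR)(o))))

/* Pool tag for allocations made through this module (multi-character constant). */
#define PROCESS_POOL_TAG 'bs1p'

/* Signature of IoOpenDriverRegistryKey. The routine is looked up through a
 * function pointer rather than linked directly, presumably because it is not
 * present on every supported kernel — treat a NULL result from
 * UGetIoOpenDriverRegistryKey() as "not available" and check before calling. */
typedef NTSTATUS (*PFN_IoOpenDriverRegistryKey)(
    PDRIVER_OBJECT DriverObject,
    DRIVER_REGKEY_TYPE RegKeyType,
    ACCESS_MASK DesiredAccess,
    ULONG Flags,
    PHANDLE DriverRegKey
);

/* Resolves IoOpenDriverRegistryKey at run time; see the typedef above. */
PFN_IoOpenDriverRegistryKey UGetIoOpenDriverRegistryKey(VOID);

/* UNICODE_STRING helpers.
 * UStrNew allocates a buffer of `bytes` bytes for ustr; UStrFree releases it.
 * UStrCopy / UStrCat write into dst / ustr — callers are expected to have
 * sized the destination via UStrNew (ownership of the buffer stays with the
 * UNICODE_STRING that was passed to UStrNew). */
NTSTATUS UStrNew(PUNICODE_STRING ustr, USHORT bytes);
NTSTATUS UStrFree(PUNICODE_STRING ustr);
NTSTATUS UStrCopy(PUNICODE_STRING dst, PUNICODE_STRING src);
NTSTATUS UStrCat(PUNICODE_STRING ustr, PUNICODE_STRING str);

/* Pool allocation wrappers. UFree takes the address of the pointer so the
 * caller's variable can be cleared after release (defends against reuse). */
PVOID UAlloc(SIZE_T size);
VOID UFree(PVOID* buf);

/* Tokenizer over a length-bounded wide string (ulSrcLen bounds pwszSrc).
 * Note: despite the "pwsz" prefix, pwszToken is a single WCHAR delimiter,
 * not a pointer. bNetFlag: see implementation — semantics not visible here. */
BOOLEAN ISWcstok(WCHAR* pwszSrc, WCHAR* pwszDest, ULONG ulSrcLen, const WCHAR pwszToken, BOOLEAN bNetFlag);

/* Wide-string to int. Takes no length, so pwszStr must be NUL-terminated. */
int ISWtoi(const WCHAR* pwszStr);

/* Process-name lookup helpers.
 * UGetProcessNameFromPid writes at most BufferSize bytes into Buffer.
 * UGetProcessFullPathFromPid: both output buffers are optional; the
 * corresponding *BufferSize is the buffer length in bytes. */
NTSTATUS UGetCurrentStackProcessImageName(ULONG processId, PUNICODE_STRING ProcessImageName);
ULONG USetProcessNameOffset(void);
BOOLEAN UGetProcessName(PCHAR theName);
NTSTATUS
UGetProcessNameFromPid(
    _In_ HANDLE pid,
    _Out_writes_bytes_(BufferSize) PCHAR Buffer,
    _In_ ULONG BufferSize
);
NTSTATUS
UGetProcessFullPathFromPid(
    _In_ HANDLE pid,
    _Out_writes_bytes_opt_(PathBufferSize) PWCHAR PathBuffer,   /* [optional] full path buffer */
    _In_ ULONG PathBufferSize,
    _Out_writes_bytes_opt_(NameBufferSize) PWCHAR NameBuffer,   /* [optional] file name buffer */
    _In_ ULONG NameBufferSize
);

/* Returns the running kernel version (presumably one of enum OS_VERSION — confirm).
 * Declared with (void): an empty parameter list is not a prototype in C11. */
ULONG UGetKernelVersion(void);

/* Generic LIST_ENTRY walkers. The callback is invoked per entry with the
 * caller-supplied context; the return value is the entry the walk stopped
 * at, or NULL — confirm against the implementation. */
typedef BOOLEAN(__stdcall* WalkCallbackFuncT)(PLIST_ENTRY, PVOID, ULONG);
typedef BOOLEAN(__stdcall* WalkCallbackFuncPointT)(PLIST_ENTRY, PVOID, PVOID);
PLIST_ENTRY WalkList(PLIST_ENTRY head, WalkCallbackFuncT fn, PVOID p, ULONG d);
PLIST_ENTRY WalkListPoint(PLIST_ENTRY head, WalkCallbackFuncPointT fn, PVOID p1, PVOID p2);

/* Privileged operations: path must be NUL-terminated; pid is a raw process id. */
NTSTATUS UDeleteFile(wchar_t* path);
NTSTATUS UTerminateProcess(ULONG pid);

/* Maps FilePath on pVolume to a DOS-style path in *pDosFilePath.
 * FilePath is passed by value (UNICODE_STRING descriptor, not the buffer). */
BOOLEAN UGetDosFilePath(PFLT_VOLUME pVolume, UNICODE_STRING FilePath, PUNICODE_STRING OUT pDosFilePath);

/* Reads driver configuration from RegistryPath for DriverObject. */
NTSTATUS USetConfiguration(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath);

/* Looks up a driver object by name. */
PDRIVER_OBJECT SearchDriverObject(WCHAR* name);

/* Checks processname against cnt entries of proccess_manager (PROCESS_MANAGER
 * is declared elsewhere). */
DWORD IsExceptionProcess(PPROCESS_MANAGER proccess_manager, ULONG cnt, WCHAR* processname);

/* IP-address text helpers; ulLen bounds the input so no NUL terminator is assumed. */
BOOLEAN ISIPAddress(PWCHAR pwszPath, const ULONG ulLen);
VOID ISIPAddressToInt(PWCHAR ip_address, const ULONG ulLen, ULONG* pulIP);

/* Debug hex dump of datalength bytes at data (int length: implementation
 * should reject negative values). */
void PrintHexData(unsigned char* data, int datalength);

/* Fills *pOutDetails for the volume that Instance is attached to. */
NTSTATUS GetAllVolumeDetails(
    _In_ PFLT_INSTANCE Instance,
    _Out_ PVOLUME_DETAILS pOutDetails
);

#endif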