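// Precompiled header for the bs1flt file-system minifilter driver: shared
// constants, global state layouts, logging macros and the project includes.
#ifndef _PRECOMP_H
#define _PRECOMP_H

#pragma once

// NOTE(review): C4995 (name marked "#pragma deprecated") is silenced here and
// C4996 (deprecated / unsafe function) near the end of this header. Neither is
// wrapped in push/pop, so the suppression stays active for the rest of every
// translation unit that includes this file and the compiler will not flag
// deprecated string or pool routines in driver code. Prefer fixing the call
// sites and scoping any remaining suppression.
#pragma warning(disable : 4995)

// Pin the targeted Windows version before the system headers are pulled in.
#undef NTDDI_VERSION
#define NTDDI_VERSION 0x0A00000A

// NOTE(review): the listing shows five #include directives at this point whose
// header names were lost when the page was extracted. <fltKernel.h> is the one
// that can be inferred from the code below (PFLT_FILTER, PFLT_PORT and
// PFLT_INSTANCE are used); restore the remaining four from the project's
// original file.
#include <fltKernel.h>

//------------------------------------------------------------------
// Define
//------------------------------------------------------------------
// Unit (bytes or WCHARs) is not shown here; confirm at each buffer that uses it.
#define MAX_FILE_PATH 512

//------------------------------------------------------------------
// GLOBAL
//------------------------------------------------------------------
// Driver-wide state, instantiated once as g_bs1Flt.
// Field roles are inferred from names and types; confirm against the code
// that sets them.
typedef struct _BS1FLT
{
    BOOLEAN IsAttached;
    ULONG LogType;
    PFLT_FILTER Filter;        // filter handle
    HANDLE UserProcess;
    PFLT_PORT ServerPort;      // communication port pair
    PFLT_PORT ClientPort;
    ULONG OsVersion;
    PDRIVER_OBJECT DriverObject;

    // Protection switches.
    // NOTE(review): presumably these are set from the user-mode service over
    // the communication port. If so, the port's connect callback and security
    // descriptor are what stop an arbitrary process from turning protections
    // off; verify the caller there.
    BOOLEAN IsFolderProtect;
    BOOLEAN IsDeviceProtect;
    BOOLEAN IsShareWatched;
    ULONG IsProcessCreate;     // ULONG, unlike the BOOLEAN switches around it
    BOOLEAN IsProcessProtect;
    BOOLEAN IsRegProtect;
} BS1FLT, *PBS1FLT;

// Placeholder context with a single unused member.
typedef struct _BS1FLT_CONTEXT
{
    ULONG nop;
} BS1FLT_CONTEXT, *PBS1FLT_CONTEXT;

#define VOLUME_DESCRIPTION_LENGTH 0x20

// Per-volume context.
// NOTE(review): the identification strings are fixed 0x20-byte arrays and
// wLabel holds 100 WCHARs. The values presumably come from the attached
// device, i.e. data the driver does not control, so every copy into these
// fields must be bounded by the array size and leave room for a terminator.
typedef struct _VOLUME_CONTEXT
{
    PFLT_INSTANCE instance;
    UNICODE_STRING name;       // ownership of name.Buffer is not shown here
    ULONG device_type;
    PDEVICE_OBJECT device_object;
    ULONG bustype; //STORAGE_BUS_TYPE
    DEVICE_REMOVAL_POLICY removalpolicy;
    UCHAR vendorid[VOLUME_DESCRIPTION_LENGTH];
    UCHAR productid[VOLUME_DESCRIPTION_LENGTH];
    UCHAR productrevisionlevel[VOLUME_DESCRIPTION_LENGTH];
    UCHAR vendorspecific[VOLUME_DESCRIPTION_LENGTH];
    WCHAR wLabel[100];
} VOLUME_CONTEXT, *PVOLUME_CONTEXT;

extern BS1FLT g_bs1Flt;

// Numeric values of the extended delete / rename information classes.
// NOTE(review): a filter that blocks delete or rename has to check these
// classes as well as the non-Ex ones, otherwise the protection only covers
// the legacy request form.
#define FileDispositionInformationEx 64
#define FileRenameInformationEx 65

//------------------------------------------------------------------
// Header
//------------------------------------------------------------------
typedef ULONG DWORD;
typedef int BOOL;

// NOTE(review): DEBUG_PRINT is defined unconditionally, so the logging macros
// are compiled into every build flavour and gated only by g_DebugLevel at run
// time. If call sites log file paths or process names, consider defining it
// for checked builds only.
#define DEBUG_PRINT
#define DEBUG_OUT 0x2

extern ULONG g_DebugLevel;

// Bit masks tested against g_DebugLevel.
#define DEBUG_TRACE_ERROR 0x00000001
#define DEBUG_TRACE_INFO 0x00000002
#define DEBUG_TRACE_ALL 0xFFFFFFFF

#ifdef DEBUG_PRINT

// Level-gated DbgPrintEx wrapper. Format is pasted onto the "%s:%s: " prefix
// by string-literal concatenation, so it has to be a literal: a run-time
// string cannot be passed as the format.
#define KLogEx(Level, Format, ...)              \
    do {                                        \
        if ((Level) & g_DebugLevel)             \
        {                                       \
            DbgPrintEx(                         \
                DPFLTR_IHVDRIVER_ID,            \
                DPFLTR_INFO_LEVEL,              \
                "%s:%s: " Format,               \
                DRIVERNAMEA,                    \
                __FUNCTION__,                   \
                ##__VA_ARGS__);                 \
        }                                       \
    } while(0)

// Earlier KLogEx variants, kept for reference only (never compiled).
#if 0
#define KLogEx(Level, str, ...) \
{ \
    DbgPrintEx( \
        DPFLTR_IHVDRIVER_ID, \
        DPFLTR_ERROR_LEVEL, \
        "%S:%s: "##str"", \
        DRIVERNAME, \
        __FUNCTION__, \
        __VA_ARGS__); \
}

#define KLogEx(Level, str, ...) \
{ \
    if (Level & g_DebugLevel) \
    { \
        DbgPrintEx( \
            DPFLTR_IHVDRIVER_ID, \
            DPFLTR_ERROR_LEVEL, \
            "%S:%s: "##str"", \
            DRIVERNAME, \
            __FUNCTION__, \
            __VA_ARGS__); \
    } \
}

#define KLogEx(Level, str, ...) \
{ \
    if ((Level) & g_DebugLevel) \
    { \
        DbgPrintEx( \
            DPFLTR_IHVDRIVER_ID, \
            DPFLTR_ERROR_LEVEL, \
            DRIVERNAME ":%s: " str, /* embed DRIVERNAME directly as a string literal */ \
            __FUNCTION__, \
            __VA_ARGS__); \
    } \
}
#endif

// Level-gated DbgPrint wrapper.
// - The prefix is joined to str by plain literal concatenation; the previous
//   "##str" pasting does not form a valid token and is rejected by a
//   conforming preprocessor.
// - Wrapped in do { } while (0) so "if (x) KLog(...); else ..." parses as
//   intended; call sites must end with ';'.
// - ##__VA_ARGS__ matches KLogEx and drops the comma when no arguments follow.
// - "%S" is a wide-string conversion; DbgPrint accepts Unicode conversions
//   only at IRQL PASSIVE_LEVEL, so do not call KLog from elevated-IRQL paths.
#define KLog(Level, str, ...)                   \
    do {                                        \
        if ((Level) & g_DebugLevel)             \
        {                                       \
            DbgPrint(                           \
                "%S:%s: " str,                  \
                DRIVERNAME,                     \
                __FUNCTION__,                   \
                ##__VA_ARGS__);                 \
        }                                       \
    } while(0)
//DbgPrint Data;

#else

// Logging compiled out. The parameter lists mirror the enabled macros so every
// call site still compiles (the old two-parameter KLog stub rejected calls
// that passed format arguments), and the bodies are single statements.
#define KLogEx(Level, Format, ...) do { NOTHING; } while(0) //__nop
#define KLog(Level, str, ...) do { NOTHING; } while(0)

#endif

// NOTE(review): this is smaller than the Win32 MAX_PATH and far smaller than
// the longest NT path; buffers sized with it must be filled with
// length-checked copies.
#define MAX_PATH 256
#define KPROCESS_PATH 1024

// Frees A with ExFreePool and clears it. A must be a side-effect-free lvalue
// (it is evaluated more than once). Wrapped in do { } while (0) so the macro
// is safe as the body of an unbraced if/else; call sites must end with ';'.
#define SAFE_FREE(A) do { if (A) { ExFreePool(A); (A) = NULL; } } while(0)

#ifndef FlagOn
#define FlagOn(_F,_SF) ((_F) & (_SF))
#endif

// Byte-order swaps for 16- and 32-bit values. The argument is parenthesised so
// expressions such as N2HShort(a | b) group correctly, and N2HLong no longer
// carries a trailing ';' that broke its use inside larger expressions.
// The argument is evaluated several times; pass an unsigned value without
// side effects.
#define N2HShort( x ) ((((x) & 0xff) << 8) | (((x) & 0xff00) >> 8))
#define N2HLong( x ) ((((x) & 0xffL) << 24) | (((x) & 0xff00L) << 8) | (((x) & 0xff0000L) >> 8) | (((x) & 0xff000000L) >> 24))

#define ONEGB 1073741824 // 1024^3

// Process record carrying a path of up to KPROCESS_PATH WCHARs.
// NOTE(review): at roughly 2 KB this should come from pool rather than the
// kernel stack, and writers of path must bound the copy to KPROCESS_PATH
// characters. The meaning of size is not shown here; if the record comes from
// user mode, validate size before trusting it.
typedef struct _PROCESS_MANAGER
{
    ULONG type;
    WCHAR path[KPROCESS_PATH];
    ULONG size;
} PROCESS_MANAGER, *PPROCESS_MANAGER;

// Feature switches tested by the project headers / sources.
#define USB_PORT_HOOK
#define BLUETOOTH_HOOK

#include "bs1flt_common.h"
//#include "entry.h"
//#include "create.h"
#include "bs1flt_vol.h"
#include "bs1flt_lst.h"
#include "bs1flt_util.h"
#include "bs1flt_process.h"
#include "bs1flt_pg.h"
#include "bs1flt_connet.h"
#include "bs1flt_reg.h"
#include "bs1flt.h"
#include "bs1flt_device_policy.h"
#include "bs1flt_report.h"
#include "bs1flt_port_hook.h"
#include "bs1flt_process_protect.h"
#include "bs1flt_usb_desc.h"

#pragma warning( disable : 4995 )
#pragma warning( disable : 4996 )

//extern ULONG g_ExitPid;

// Object-manager name of the process-termination event.
// PROCESS_TERMINATE_SHARE_EVENT is not defined in this header and must expand
// to a string literal for the concatenation to compile.
// NOTE(review): objects under \BaseNamedObjects can be opened by name from
// user mode; whoever creates this event should attach a security descriptor
// that keeps unrelated processes from signalling or resetting it.
#define PROCESS_TERMINATE_NOTIFY_KERNEL_EVENT_NAME L"\\BaseNamedObjects\\" PROCESS_TERMINATE_SHARE_EVENT

#endif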