Panoptes/hook_8hpp_source.html

#pragma once

#include <Windows.h>

#include "def.h"

#include <detours/detours.h>


NTSTATUS NTAPI Hooked_NtWriteVirtualMemory(

    HANDLE ProcessHandle,

    PVOID BaseAddress,

    PVOID Buffer,

    SIZE_T NumberOfBytesToWrite,

    PSIZE_T NumberOfBytesWritten

);


NTSTATUS NTAPI Hooked_NtModifyBootEntry(PBOOT_ENTRY BootEntry);


NTSTATUS NTAPI Hooked_NtMapViewOfSectionEx(

    HANDLE SectionHandle,

    HANDLE ProcessHandle,

    PVOID* BaseAddress,

    PLARGE_INTEGER SectionOffset,

    PSIZE_T ViewSize,

    ULONG AllocationType,

    ULONG PageProtection,

    PMEM_EXTENDED_PARAMETER ExtendedParameters,

    ULONG ExtendedParameterCount

);


VOID PlaceHooks();


VOID UnHook();


def.h

UnHook
VOID UnHook()
The UnHook function removes the hooks from the NTDLL functions.
Definition hook.cpp:97

Hooked_NtWriteVirtualMemory
NTSTATUS NTAPI Hooked_NtWriteVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, SIZE_T NumberOfBytesToWrite, PSIZE_T NumberOfBytesWritten)
The Hooked_NtWriteVirtualMemory function is a function that hooks the NtWriteVirtualMemory function.
Definition hook.cpp:18

Hooked_NtModifyBootEntry
NTSTATUS NTAPI Hooked_NtModifyBootEntry(PBOOT_ENTRY BootEntry)
The Hooked_NtModifyBootEntry function is a function that hooks the NtModifyBootEntry function.
Definition hook.cpp:35

PlaceHooks
VOID PlaceHooks()
The PlaceHooks function places the hooks on the NTDLL functions.
Definition hook.cpp:72

Hooked_NtMapViewOfSectionEx
NTSTATUS NTAPI Hooked_NtMapViewOfSectionEx(HANDLE SectionHandle, HANDLE ProcessHandle, PVOID *BaseAddress, PLARGE_INTEGER SectionOffset, PSIZE_T ViewSize, ULONG AllocationType, ULONG PageProtection, PMEM_EXTENDED_PARAMETER ExtendedParameters, ULONG ExtendedParameterCount)
The Hooked_NtMapViewOfSectionEx function is a function that hooks the NtMapViewOfSectionEx function.

_BOOT_ENTRY
The BOOT_ENTRY structure represents a boot entry in the boot configuration database....
Definition def.h:7