Thursday, February 24, 2011

VfRegularThunks

And here, for example, are the lists of functions that Driver Verifier intercepts when it loads the driver under test (just don't lecture me on how to use Google - nothing on this topic turns up)
Vista
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExInitializeResourceLite
ExDeleteResourceLite
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfTryAcquirePushLockShared
ExfReleasePushLock
ExfTryToWakePushLock
ExfReleasePushLockShared
MmProbeAndLockPages
MmProbeAndLockProcessPages
MmMapIoSpace
MmMapLockedPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
MmUnmapLockedPages
MmUnmapIoSpace
MmAllocateContiguousMemory
MmAllocateContiguousMemorySpecifyCache
MmAllocatePagesForMdl
MmAllocatePagesForMdlEx
MmCreateMdl
MmGetSystemRoutineAddress
KeSetEvent
KeRaiseIrql
KeLowerIrql
KeSynchronizeExecution
KeInitializeTimerEx
KeInitializeTimer
KeWaitForSingleObject
KeWaitForMultipleObjects
KeDelayExecutionThread
KfRaiseIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql
KeReleaseMutex
KeReleaseMutant
KeLeaveCriticalRegion
KeInsertQueueDpc
KeRemoveQueueDpc
NtCreateFile
NtWriteFile
NtReadFile
ObfReferenceObject
ObDereferenceObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFreeIrp
IofCompleteRequest
IoBuildDeviceIoControlRequest
IoBuildAsynchronousFsdRequest
IoInitializeTimer
KeQueryPerformanceCounter
IoGetDmaAdapter
HalGetAdapter
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoCallDriverStackSafe
IoAllocateMdl
IoAllocateErrorLogEntry
IoAllocateIrp
IoAllocateWorkItem
IoWMIRegistrationControl
IoWMIWriteEvent
EtwRegister
EtwUnregister
IoCreateDevice
IoVolumeDeviceToDosName
RtlVolumeDeviceToDosName
KeInitializeEvent
KeInitializeSemaphore
memcpy
ZwAccessCheckAndAuditAlarm
ZwAddBootEntry
ZwAddDriverEntry
ZwAdjustPrivilegesToken
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateJobObject
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
ZwDeleteBootEntry
ZwDeleteFile
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateBootEntries
ZwEnumerateDriverEntries
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwLoadDriver
ZwLoadKey
ZwMapViewOfSection
ZwModifyBootEntry
ZwModifyDriverEntry
ZwNotifyChangeKey
ZwOpenDirectoryObject
ZwOpenEvent
ZwOpenFile
ZwOpenJobObject
ZwOpenKey
ZwOpenProcess
ZwOpenProcessToken
ZwOpenProcessTokenEx
ZwOpenSection
ZwOpenSymbolicLinkObject
ZwOpenThread
ZwOpenThreadToken
ZwOpenThreadTokenEx
ZwOpenTimer
ZwPowerInformation
ZwPulseEvent
ZwQueryBootEntryOrder
ZwQueryBootOptions
ZwQueryDefaultLocale
ZwQueryDefaultUILanguage
ZwQueryDriverEntryOrder
ZwQueryInstallUILanguage
ZwQueryDirectoryFile
ZwQueryDirectoryObject
ZwQueryEaFile
ZwQueryFullAttributesFile
ZwQueryInformationFile
ZwQueryInformationJobObject
ZwQueryInformationProcess
ZwQueryInformationThread
ZwQueryInformationToken
ZwQueryKey
ZwQueryObject
ZwQuerySection
ZwQuerySecurityObject
ZwQuerySymbolicLinkObject
ZwQuerySystemInformation
ZwQueryValueKey
ZwQueryVolumeInformationFile
ZwReadFile
ZwReplaceKey
ZwRequestWaitReplyPort
ZwResetEvent
ZwRestoreKey
ZwSetBootEntryOrder
ZwSetBootOptions
ZwSetDriverEntryOrder
ZwSetEaFile
ZwSetEvent
ZwSetInformationFile
ZwSetInformationJobObject
ZwSetInformationObject
ZwSetInformationProcess
ZwSetInformationThread
ZwSetSecurityObject
ZwSetSystemInformation
ZwSetSystemTime
ZwSetTimer
ZwSetValueKey
ZwSetVolumeInformationFile
ZwTranslateFilePath
ZwUnloadDriver
ZwUnloadKey
ZwWaitForMultipleObjects
ZwWaitForSingleObject
ZwWriteFile
ZwAlpcCreatePort
ZwAlpcConnectPort
ZwAlpcAcceptConnectPort
ZwAlpcSendWaitReceivePort
ZwAlpcCreateSecurityContext
ZwAlpcCreatePortSection
ZwAlpcCreateSectionView
ZwAlpcCreateResourceReserve
ZwAlpcSetInformation
ZwAlpcQueryInformation
ZwRemoveIoCompletionEx
ZwCreateTransactionManager
ZwOpenTransactionManager
ZwQueryInformationTransactionManager
ZwCreateTransaction
ZwOpenTransaction
ZwQueryInformationTransaction
ZwSetInformationTransaction
ZwSavepointTransaction
ZwPrePrepareEnlistment
ZwPrepareEnlistment
ZwCommitEnlistment
ZwRollbackEnlistment
ZwPrepareComplete
ZwCreateEnlistment
ZwOpenEnlistment
ZwQueryInformationEnlistment
ZwSetInformationEnlistment
ZwPullTransaction
ZwMarshallTransaction
ZwQueryLicenseValue

Vista SP2
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExInitializeResourceLite
ExDeleteResourceLite
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfTryAcquirePushLockShared
ExfReleasePushLock
ExfTryToWakePushLock
ExfReleasePushLockShared
MmProbeAndLockPages
MmProbeAndLockProcessPages
MmMapIoSpace
MmMapLockedPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
MmUnmapLockedPages
MmUnmapIoSpace
MmAllocateContiguousMemory
MmAllocateContiguousMemorySpecifyCache
MmAllocatePagesForMdl
MmAllocatePagesForMdlEx
MmCreateMdl
MmGetSystemRoutineAddress
KeSetEvent
KeRaiseIrql
KeLowerIrql
KeSynchronizeExecution
KeInitializeTimerEx
KeInitializeTimer
KeDelayExecutionThread
KfRaiseIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql
KeLeaveCriticalRegion
KeInsertQueueDpc
KeRemoveQueueDpc
NtCreateFile
NtWriteFile
NtReadFile
ObfReferenceObject
ObDereferenceObject
ObfDereferenceObject
ObReferenceObjectByHandle
IoFreeIrp
IofCompleteRequest
IoBuildDeviceIoControlRequest
IoBuildAsynchronousFsdRequest
IoInitializeTimer
KeQueryPerformanceCounter
IoGetDmaAdapter
HalGetAdapter
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoCallDriverStackSafe
IoAllocateMdl
IoAllocateErrorLogEntry
IoAllocateIrp
IoAllocateWorkItem
IoWMIRegistrationControl
IoWMIWriteEvent
EtwRegister
EtwRegisterClassicProvider
EtwUnregister
IoCreateDevice
IoVolumeDeviceToDosName
RtlVolumeDeviceToDosName
KeInitializeEvent
KeInitializeSemaphore
memcpy
ZwAccessCheckAndAuditAlarm
ZwAddBootEntry
ZwAddDriverEntry
ZwAdjustPrivilegesToken
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateJobObject
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
ZwDeleteBootEntry
ZwDeleteFile
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateBootEntries
ZwEnumerateDriverEntries
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwLoadDriver
ZwLoadKey
ZwMapViewOfSection
ZwModifyBootEntry
ZwModifyDriverEntry
ZwNotifyChangeKey
ZwOpenDirectoryObject
ZwOpenEvent
ZwOpenFile
ZwOpenJobObject
ZwOpenKey
ZwOpenProcess
ZwOpenProcessToken
ZwOpenProcessTokenEx
ZwOpenSection
ZwOpenSymbolicLinkObject
ZwOpenThread
ZwOpenThreadToken
ZwOpenThreadTokenEx
ZwOpenTimer
ZwPowerInformation
ZwPulseEvent
ZwQueryBootEntryOrder
ZwQueryBootOptions
ZwQueryDefaultLocale
ZwQueryDefaultUILanguage
ZwQueryDriverEntryOrder
ZwQueryInstallUILanguage
ZwQueryDirectoryFile
ZwQueryDirectoryObject
ZwQueryEaFile
ZwQueryFullAttributesFile
ZwQueryInformationFile
ZwQueryInformationJobObject
ZwQueryInformationProcess
ZwQueryInformationThread
ZwQueryInformationToken
ZwQueryKey
ZwQueryObject
ZwQuerySection
ZwQuerySecurityObject
ZwQuerySymbolicLinkObject
ZwQuerySystemInformation
ZwQueryValueKey
ZwQueryVolumeInformationFile
ZwReadFile
ZwReplaceKey
ZwRequestWaitReplyPort
ZwResetEvent
ZwRestoreKey
ZwSetBootEntryOrder
ZwSetBootOptions
ZwSetDriverEntryOrder
ZwSetEaFile
ZwSetEvent
ZwSetInformationFile
ZwSetInformationJobObject
ZwSetInformationObject
ZwSetInformationProcess
ZwSetInformationThread
ZwSetSecurityObject
ZwSetSystemInformation
ZwSetSystemTime
ZwSetTimer
ZwSetValueKey
ZwSetVolumeInformationFile
ZwTranslateFilePath
ZwUnloadDriver
ZwUnloadKey
ZwWaitForMultipleObjects
ZwWaitForSingleObject
ZwWriteFile
ZwAlpcCreatePort
ZwAlpcConnectPort
ZwAlpcAcceptConnectPort
ZwAlpcSendWaitReceivePort
ZwAlpcCreateSecurityContext
ZwAlpcCreatePortSection
ZwAlpcCreateSectionView
ZwAlpcCreateResourceReserve
ZwAlpcSetInformation
ZwAlpcQueryInformation
ZwRemoveIoCompletionEx
ZwCreateTransactionManager
ZwOpenTransactionManager
ZwQueryInformationTransactionManager
ZwCreateTransaction
ZwOpenTransaction
ZwQueryInformationTransaction
ZwSetInformationTransaction
ZwPrePrepareEnlistment
ZwPrepareEnlistment
ZwCommitEnlistment
ZwRollbackEnlistment
ZwPrepareComplete
ZwCreateEnlistment
ZwOpenEnlistment
ZwQueryInformationEnlistment
ZwSetInformationEnlistment
ZwQueryLicenseValue

Windows 7
ExInitializeResourceLite
ExDeleteResourceLite
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfTryAcquirePushLockShared
ExfReleasePushLock
ExfTryToWakePushLock
ExfReleasePushLockShared
MmProbeAndLockPages
MmProbeAndLockProcessPages
MmMapIoSpace
MmMapLockedPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
MmUnmapLockedPages
MmUnmapIoSpace
MmAllocateContiguousMemory
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
MmAllocatePagesForMdl
MmAllocatePagesForMdlEx
MmFreePagesFromMdl
MmCreateMdl
MmGetSystemRoutineAddress
KeSetEvent
KeRaiseIrql
KeLowerIrql
KeSynchronizeExecution
KeInitializeTimerEx
KeInitializeTimer
KeDelayExecutionThread
KfRaiseIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeInsertQueueDpc
KeRemoveQueueDpc
NtCreateFile
NtWriteFile
NtReadFile
ObfReferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByPointer
IoFreeIrp
IofCompleteRequest
IoBuildDeviceIoControlRequest
IoBuildAsynchronousFsdRequest
IoInitializeTimer
IoGetDmaAdapter
HalGetAdapter
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoAllocateErrorLogEntry
IoAllocateWorkItem
IoInitializeWorkItem
IoWMIRegistrationControl
IoWMIWriteEvent
EtwRegister
EtwRegisterClassicProvider
EtwUnregister
IoCreateDevice
IoVolumeDeviceToDosName
RtlVolumeDeviceToDosName
KeInitializeEvent
KeInitializeSemaphore
KeTryToAcquireQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
KeTryToAcquireQueuedSpinLockRaiseToSynch
memcpy
ZwAccessCheckAndAuditAlarm
ZwAddBootEntry
ZwAddDriverEntry
ZwAdjustPrivilegesToken
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateJobObject
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
ZwDeleteBootEntry
ZwDeleteFile
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateBootEntries
ZwEnumerateDriverEntries
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwLoadDriver
ZwLoadKey
ZwMapViewOfSection
ZwModifyBootEntry
ZwModifyDriverEntry
ZwNotifyChangeKey
ZwOpenDirectoryObject
ZwOpenEvent
ZwOpenFile
ZwOpenJobObject
ZwOpenKey
ZwOpenProcess
ZwOpenProcessToken
ZwOpenProcessTokenEx
ZwOpenSection
ZwOpenSymbolicLinkObject
ZwOpenThread
ZwOpenThreadToken
ZwOpenThreadTokenEx
ZwOpenTimer
ZwPowerInformation
ZwPulseEvent
ZwQueryBootEntryOrder
ZwQueryBootOptions
ZwQueryDefaultLocale
ZwQueryDefaultUILanguage
ZwQueryDriverEntryOrder
ZwQueryInstallUILanguage
ZwQueryDirectoryFile
ZwQueryDirectoryObject
ZwQueryEaFile
ZwQueryFullAttributesFile
ZwQueryInformationFile
ZwQueryInformationJobObject
ZwQueryInformationProcess
ZwQueryInformationThread
ZwQueryInformationToken
ZwQueryKey
ZwQueryObject
ZwQuerySection
ZwQuerySecurityObject
ZwQuerySymbolicLinkObject
ZwQuerySystemInformation
ZwQueryValueKey
ZwQueryVolumeInformationFile
ZwReadFile
ZwReplaceKey
ZwRequestWaitReplyPort
ZwResetEvent
ZwRestoreKey
ZwSetBootEntryOrder
ZwSetBootOptions
ZwSetDriverEntryOrder
ZwSetEaFile
ZwSetEvent
ZwSetInformationFile
ZwSetInformationJobObject
ZwSetInformationObject
ZwSetInformationProcess
ZwSetInformationThread
ZwSetSecurityObject
ZwSetSystemInformation
ZwSetSystemTime
ZwSetTimer
ZwSetValueKey
ZwSetVolumeInformationFile
ZwTranslateFilePath
ZwUnloadDriver
ZwUnloadKey
ZwWaitForMultipleObjects
ZwWaitForSingleObject
ZwWriteFile
ZwAlpcCreatePort
ZwAlpcConnectPort
ZwAlpcAcceptConnectPort
ZwAlpcSendWaitReceivePort
ZwAlpcCreateSecurityContext
ZwAlpcCreatePortSection
ZwAlpcCreateSectionView
ZwAlpcCreateResourceReserve
ZwAlpcSetInformation
ZwAlpcQueryInformation
ZwRemoveIoCompletionEx
ZwCreateTransactionManager
ZwOpenTransactionManager
ZwQueryInformationTransactionManager
ZwCreateTransaction
ZwOpenTransaction
ZwQueryInformationTransaction
ZwSetInformationTransaction
ZwPrePrepareEnlistment
ZwPrepareEnlistment
ZwCommitEnlistment
ZwRollbackEnlistment
ZwPrepareComplete
ZwCreateEnlistment
ZwOpenEnlistment
ZwQueryInformationEnlistment
ZwSetInformationEnlistment
ZwQueryLicenseValue
