// m_modules.h : definitions related to initialization of built-in modules.
//
// (c) Ulf Frisk, 2018-2022
// Author: Ulf Frisk, [email protected]
//
#ifndef __M_MODULES_H__
#define __M_MODULES_H__
#include "vmmdll.h"
/*
* Declarations of the initialization entry points of the built-in modules.
* Every entry point declared here has the same shape: it returns VOID and
* takes one PVMMDLL_PLUGIN_REGINFO argument annotated _Inout_.
* NOTE(review): _Inout_ suggests each module both reads and fills in the
* registration info; the structure is declared in vmmdll.h and is not
* visible in this header - confirm against that header.
*/
/*
* Initialization function for the built-in virtual file system root folder module.
*/
VOID M_VfsRoot_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
/*
* Initialization function for the built-in virtual file system process folder module.
*/
VOID M_VfsProc_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
/*
* Initialization function for the built-in virtual file system forensic folder module.
*/
VOID M_VfsFc_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
/*
* Initialization functions for ROOT modules.
* NB! modules may in some cases be combined ROOT/PROCESS modules.
* M_FindEvil, M_Phys2Virt and M_Virt2Phys are declared in this group but are
* listed under "per-process modules" in g_pfnModulesAllInternal below.
* M_SysCert and M_SysSyscall are declared unconditionally here, but appear in
* g_pfnModulesAllInternal only when _WIN32 is defined.
*/
VOID M_FindEvil_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_Phys2Virt_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_Conf_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_Sys_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysCert_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysDriver_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysMem_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysNet_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysObj_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysPool_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysProc_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysSvc_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysSyscall_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_SysTask_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_Virt2Phys_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_WinReg_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
/*
* Initialization functions for FORENSIC related modules.
*/
VOID M_FcJSON_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_FcTimeline_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_FcModule_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_FcNtfs_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_FcProc_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_FcRegistry_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_FcThread_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
/*
* Initialization functions for PROCESS related modules.
* M_ProcToken is declared unconditionally here, but appears in
* g_pfnModulesAllInternal only when _WIN32 is defined.
*/
VOID M_FileHandlesVads_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_FileModules_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_Handle_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_LdrModules_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_MemMap_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_MiniDump_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_ProcToken_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_Search_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
VOID M_Thread_Initialize(_Inout_ PVMMDLL_PLUGIN_REGINFO pPluginRegInfo);
/*
* Table of the initialization entry points of the built-in modules, in the
* order listed. The array length comes from the initializer list and no
* terminating NULL entry is stored.
* NOTE(review): consumers presumably derive the entry count with sizeof -
* confirm at the call site, which is not visible in this header.
* NOTE(review): this is a definition with external linkage rather than an
* extern declaration, so this header is presumably meant to be included from
* exactly one source file - confirm.
* NOTE(review): the element type annotates its parameter _In_, while the
* prototypes earlier in this header use _Inout_ - confirm which is intended.
*/
VOID(*g_pfnModulesAllInternal[])(_In_ PVMMDLL_PLUGIN_REGINFO pRegInfo) = {
    // core modules: virtual file system root, process and forensic folders
    M_VfsRoot_Initialize,
    M_VfsProc_Initialize,
    M_VfsFc_Initialize,

    // per-process modules
    M_FileHandlesVads_Initialize,
    M_FileModules_Initialize,
    M_FindEvil_Initialize,
    M_Handle_Initialize,
    M_LdrModules_Initialize,
    M_MemMap_Initialize,
    M_MiniDump_Initialize,
    M_Phys2Virt_Initialize,
    M_Search_Initialize,
    M_Thread_Initialize,
    M_Virt2Phys_Initialize,

    // global modules
    M_Conf_Initialize,
    M_Sys_Initialize,
    M_SysDriver_Initialize,
    M_SysMem_Initialize,
    M_SysNet_Initialize,
    M_SysObj_Initialize,
    M_SysPool_Initialize,
    M_SysProc_Initialize,
    M_SysSvc_Initialize,
    M_SysTask_Initialize,
    M_WinReg_Initialize,

    // forensic modules
    M_FcJSON_Initialize,
    M_FcTimeline_Initialize,
    M_FcModule_Initialize,
    M_FcNtfs_Initialize,
    M_FcProc_Initialize,
    M_FcRegistry_Initialize,
    M_FcThread_Initialize,

#if defined(_WIN32)
    // The entries below are compiled in only when _WIN32 is defined; other
    // builds leave the token, certificate and syscall modules out of the table.
    // windows-only per-process modules
    M_ProcToken_Initialize,         // requires: winapi
    // windows-only global modules
    M_SysCert_Initialize,           // requires: winapi
    M_SysSyscall_Initialize,        // requires: full symbols
#endif /* defined(_WIN32) */
};
#endif /* __M_MODULES_H__ */