Struct owlyshield_ransom::driver_com::Driver[−][src]

pub struct Driver {
    handle: HANDLE,
}

Expand description

A minifilter is identified by a port (know in advance), like a named pipe used for communication, and a handle, retrieved by Self::open_kernel_driver_com.

Fields

handle: HANDLE

Implementations

impl Driver

pub fn _close_kernel_communication(&self) -> bool

Can be used to properly close the communication (and unregister) with the minifilter. If this fn is not used and the program has stopped, the handle is automatically closed, seemingly without any side-effects.

pub fn driver_set_app_pid(&self) -> Result<(), Error>

The usermode running app (this one) has to register itself to the driver.

pub fn open_kernel_driver_com() -> Result<Driver, Error>

Try to open a com canal with the minifilter before this app is registered. This fn can fail is the minifilter is unreachable:

if it is not started (try sc start owlyshieldransomfilter first
if a connection is already established: it can accepts only one at a time. In that case the Error is raised by the OS (windows::Error) and is generally readable.

pub fn get_irp(&self, vecnew: &mut Vec<u8>) -> Option<ReplyIrp>

Ask the driver for a ReplyIrp, if any. This is a low-level function and the returned object uses C pointers. Managing C pointers requires a special care, because of the Rust timelines. ReplyIrp is optional since the minifilter returns null if there is no new activity.

pub fn try_kill(&self, gid: c_ulonglong) -> Result<HRESULT, Error>

Ask the minifilter to kill all pids related to the given gid. Pids are killed in drivermode by calls to NtClose.

fn string_to_commessage_buffer(bufstr: &str) -> [wchar_t; 520]

fn build_irp_msg(
    commsgtype: DriverComMessageType,
    pid: Pid,
    gid: u64,
    path: &str
) -> DriverComMessage

Trait Implementations

impl Debug for Driver

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations

impl RefUnwindSafe for Driver

impl Send for Driver

impl Sync for Driver

impl Unpin for Driver

impl UnwindSafe for Driver

Blanket Implementations

impl<T> Any for T where
T: 'static + ?Sized,

pub fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
T: ?Sized,

pub fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
T: ?Sized,

pub fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

pub fn from(t: T) -> T

Performs the conversion.

impl<T, U> Into<U> for T where
U: From<T>,

pub fn into(self) -> U

Performs the conversion.

impl<T> Pointable for T

pub const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

pub unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

pub unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

pub unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

pub unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T, U> TryFrom<U> for T where
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

pub fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.