Module owlyshield_ransom::driver_com::shared_def [−][src]
Expand description
Contains all definitions shared between this usermode app and the minifilter in order to communicate properly. Those are C-representation of structures sent or received from the minifilter.
Structs
The C object returned by the minifilter, available through ReplyIrp.
It is low level and use C pointers logic which is
not always compatible with RUST (in particular the lifetime of *next). That’s why we convert
it asap to a plain Rust IOMessage object.
next is null (0x0) when there is no IOMessage remaining
Represents a driver message.
Low-level C-like object to communicate with the minifilter. The minifilter yields ReplyIrp objects (retrieved by crate::driver_com::Driver::get_irp to manage the fixed size of the *data buffer. In other words, a ReplyIrp is a collection of CDriverMsg with a capped size.
Stores runtime features that come from owlyshield_predict (and not the minifilter).
This class is the straight Rust translation of the Win32 API UNICODE_STRING, returned by the driver.
Enums
See IOMessage struct. Used with crate::driver_com::IrpMajorOp::IrpSetInfo
See IOMessage struct.