diff --git a/driver/src/utils/mod.rs b/driver/src/utils/mod.rs
index f1d56bd..9898971 100644
--- a/driver/src/utils/mod.rs
+++ b/driver/src/utils/mod.rs
@@ -258,6 +258,14 @@ pub unsafe fn get_process_by_name(process_name: &str) -> Option {
 None
 }
 
+/// Retrieves the syscall index for a given function name.
+///
+/// # Parameters
+/// * `function_name` - The name of the function to retrieve the syscall index for.
+///
+/// # Returns
+/// `Option` - The syscall index if found, or `None` if an error occurs or the function is not found.
+///
 pub unsafe fn get_syscall_index(function_name: &str) -> Option {
 let mut section_handle = null_mut();
 let ntdll = crate::utils::uni::str_to_unicode("\\KnownDlls\\ntdll.dll");
@@ -327,10 +335,13 @@ pub unsafe fn get_syscall_index(function_name: &str) -> Option {
 return None
 }
 
+/// Finds the address of a specified Zw function.
+///
+/// # Parameters
+/// - `name`: The name of the Zw function to find.
 ///
-///
-///
-///
+/// # Returns
+/// - `Option`: The address of the Zw function if found, or `None` if an error occurs or the function is not found.
 ///
 pub unsafe fn find_zw_function(name: &str) -> Option {
 let ssn = match get_syscall_index(name) {
@@ -382,9 +393,17 @@ pub unsafe fn find_zw_function(name: &str) -> Option {
 return None
 }
 
-///
+/// Initializes the OBJECT_ATTRIBUTES structure.
 ///
+/// # Parameters
+/// * `object_name` - The name of the object (optional).
+/// * `attributes` - The attributes of the object.
+/// * `root_directory` - The root directory (optional).
+/// * `security_descriptor` - The security descriptor (optional).
+/// * `security_quality_of_service` - The security quality of service (optional).
 ///
+/// # Returns
+/// `OBJECT_ATTRIBUTES` - The initialized OBJECT_ATTRIBUTES structure
 ///
 #[allow(non_snake_case)]
 pub fn InitializeObjectAttributes(
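Review bot: The doc comment added above `get_syscall_index` in the first hunk has no `# Safety` section although the function is `pub unsafe fn`, and the comment added above `find_zw_function` in the second hunk has the same gap. Rustdoc convention (and clippy's `missing_safety_doc` lint) expects the caller's obligations to be written down; for kernel-mode code that is where preconditions such as the required IRQL or process context belong. Which preconditions apply cannot be told from here, because both bodies continue outside their hunks. I would add `/// # Safety` followed by one sentence naming what the caller must guarantee, and mention that the lookup appears to depend on the `\KnownDlls\ntdll.dll` section visible in the context lines. The two comments also use different bullet forms (``* `function_name` -`` against ``- `name`:``), so one form should be chosen for the file.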
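Review bot: In the third hunk the `InitializeObjectAttributes` comment marks four arguments "(optional)" without saying what an omitted one becomes, and it describes `attributes` only as "the attributes of the object". In a driver the flag value is security-relevant: a handle created from this structure without `OBJ_KERNEL_HANDLE` lands in the handle table of the current process, where user-mode code can reach it. I would change that line to ``/// * `attributes` - Object attribute flags, e.g. `OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE`.`` and add one sentence stating what `None` is stored as for the optional arguments. The body lies outside the hunk, so the null-pointer mapping should be confirmed before it is documented.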
@@ -404,10 +423,13 @@ pub fn InitializeObjectAttributes(
 }
 }
 
+/// Reads the content of a file given its path.
 ///
-///
-///
-///
+/// # Arguments
+/// * `path` - The path to the file.
+///
+/// # Returns
+/// `Result, NTSTATUS>` - The content of the file as a vector of bytes if successful, or an NTSTATUS error code if an error occurs.
 ///
 pub fn read_file(path: &String) -> Result, NTSTATUS> {
 let mut path_nt = String::new();
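Review bot: The `read_file` comment uses `# Arguments` where the comments added in the other three hunks use `# Parameters`, and it folds the failure case into `# Returns` instead of the conventional `# Errors` section. I would settle on `# Arguments` throughout and add `/// # Errors` with a line such as `/// Returns the NTSTATUS of the call that failed.`, worded to match what the body actually propagates. The first body line builds `path_nt`, which suggests the input is converted to an NT-style path. The comment should therefore say which path form callers pass and whether the path is expected to come from a trusted source, since the whole file is returned in memory. The body continues outside the hunk, so these details need checking against it.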