SYMBOL INDEX (146 symbols across 26 files) FILE: ControlPanel/ControlPanel.h function class (line 16) | class ControlPanel : public QWidget FILE: ControlPanel/dlcommon.h function namespace (line 33) | namespace Common { FILE: ControlPanel/dldrivers.cpp function BOOL (line 28) | static BOOL _fileExists(const char *filename) { function QString (line 34) | QString Drivers::GetFileVersion(QString fName) { function QString (line 101) | QString Drivers::GetFileLastWriteTime(QString fName) { FILE: ControlPanel/dldrivers.h function namespace (line 27) | namespace Drivers { FILE: ControlPanel/dlioctl.cpp function QString (line 38) | QString ProtectedDriverControl::safeRead() function QString (line 56) | QString ProtectedDriverControl::safeExec() function QString (line 76) | QString ProtectedDriverControl::unsafeRead() function QString (line 94) | QString ProtectedDriverControl::unsafeExec() FILE: ControlPanel/dlioctl.h function class (line 11) | class ProtectedDriverControl function class (line 31) | class MalwareDriverControl FILE: ControlPanel/dlservices.cpp function SC_HANDLE (line 36) | SC_HANDLE Services::Open(QString service) { FILE: ControlPanel/dlservices.h function namespace (line 28) | namespace Services { FILE: ControlPanel/main.cpp function execmd (line 7) | int execmd(char* cmd, char* result) { function main (line 22) | int main(int argc, char *argv[]) FILE: KernelHiddenExcute/HiddenCallApiTransfer.h function NTSTATUS (line 8) | NTSTATUS SimulateApi(ULONG64 param1) function NTSTATUS (line 19) | NTSTATUS ApiTransfer_SimulateApi(PHIDDEN_PAGE_RECORD pHiddenPageRecord, ... FILE: KernelHiddenExcute/HiddenExecute.h type MMPTE (line 27) | typedef struct _MMPTE type SPECIFIC_HIDDEN_PAGE_RECORD (line 50) | typedef struct _SPECIFIC_HIDDEN_PAGE_RECORD type HIDDEN_PAGE_RECORD (line 58) | typedef struct _HIDDEN_PAGE_RECORD function NTSTATUS (line 83) | NTSTATUS InitializeHiddenPageRecordStructure(PHIDDEN_PAGE_RECORD* ppHidd... function NTSTATUS (line 119) | NTSTATUS FreeHiddenPageRecordStructure(PHIDDEN_PAGE_RECORD pHiddenPageRe... function PVOID (line 148) | PVOID pPTEPFNtoPhysicalAddress(ULONG64 PFN) function ULONG64 (line 157) | ULONG64 pPhysicalAddresstoPTEPFN(PVOID PhysicalAddressBase) function PMMPTE (line 169) | PMMPTE pGetSpecificAddresspPTEPhysical(ULONG64 CR3, PVOID pPageBase) function PVOID (line 221) | PVOID pGetSpecificAddressPhysicalForR3(ULONG64 CR3, PVOID pVirtual) function NTSTATUS (line 295) | NTSTATUS AddHiddenPageRecord(ULONG64 CR3, PVOID pHiddenPageBase, PHIDDEN... function NTSTATUS (line 384) | NTSTATUS RemoveAndRestoreAllHiddenPageRecord(PHIDDEN_PAGE_RECORD pHidden... function NTSTATUS (line 444) | NTSTATUS ContextOriginalToHidden(PHIDDEN_PAGE_RECORD pHiddenPageRecord) function NTSTATUS (line 513) | NTSTATUS ContextHiddenToOriginal(PHIDDEN_PAGE_RECORD pHiddenPageRecord) function ULONG64 (line 573) | ULONG64 GetPagesCountByLength(ULONG64 Length) function NTSTATUS (line 590) | NTSTATUS AddHiddenSection(ULONG64 SystemCR3, PDRIVER_OBJECT pDriverObj, ... FILE: KernelHiddenExcute/HiddenFunctions.h function NTSTATUS (line 6) | NTSTATUS HiddenFunctionA(PHIDDEN_PAGE_RECORD pHiddenPageRecord) FILE: KernelHiddenExcute/PhysicalMemoryOperation.h type PHYSICAL_OP_CR3 (line 15) | typedef struct _PHYSICAL_OP_CR3 type MMPDPTE (line 36) | typedef struct _MMPDPTE type MMPDE (line 60) | typedef struct _MMPDE type MMVA (line 84) | typedef struct _MMVA type MMVA_PDPTE_LARGE (line 97) | typedef struct _MMVA_PDPTE_LARGE type MMVA_PDE_LARGE (line 108) | typedef struct _MMVA_PDE_LARGE function HANDLE (line 127) | HANDLE OpenPhysicalMemory() function BOOLEAN (line 143) | BOOLEAN pMapPhysicalMemoryPre(HANDLE hMemory, PDWORD64 pDwAddress, PSIZE... function PVOID (line 156) | PVOID MapPhysicalMemory(PVOID PA, SIZE_T Size) function BOOLEAN (line 163) | BOOLEAN UnmapPhysicalMemory(PVOID VA) function ULONG64 (line 175) | ULONG64 GetCR3Flag(ULONG64 CR3) function ULONG64 (line 184) | ULONG64 ClearCR3Flag(ULONG64 CR3) function VOID (line 193) | VOID pPrintPhysicalOpStructure(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 214) | NTSTATUS pFreePhysicalOpPageTableMemory(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 242) | NTSTATUS pAllocPhysicalOpPageTableMemory(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 274) | NTSTATUS pMapSystemPML4T(ULONG64 SystemCR3, PPHYSICAL_OP_CR3 pPhysicalOp... function NTSTATUS (line 293) | NTSTATUS pUnmapSystemPML4T(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 314) | NTSTATUS pFillGeneratedPML4TandPDPT(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 350) | NTSTATUS CreatePhysicalOpCR3BySystemCR3(ULONG64 SystemCR3, PPHYSICAL_OP_... function NTSTATUS (line 391) | NTSTATUS FreePhysicalOpCR3(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 422) | NTSTATUS ContextVirtualToPhysical(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 454) | NTSTATUS ContextPhysicalToVirtual(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function ULONG64 (line 485) | ULONG64 GetCR3ByEprocess(PEPROCESS pEProc) function PEPROCESS (line 499) | PEPROCESS GetEProcess(ULONG64 PID) function ULONG64 (line 524) | ULONG64 GetCR3ByPID(ULONG64 PID) FILE: KernelHiddenExcute/SectionOperation.h type LDR_DATA_TABLE_ENTRY64 (line 4) | typedef struct _LDR_DATA_TABLE_ENTRY64 function PIMAGE_SECTION_HEADER (line 30) | PIMAGE_SECTION_HEADER GetSegmentHeadPointer(PDRIVER_OBJECT pDriverObj, P... function ULONG64 (line 71) | ULONG64 GetDriverBaseAddress(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 77) | ULONG64 GetSegmentAddressPointer(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 82) | ULONG64 GetSegmentLengthPointer(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 87) | ULONG64 GetSegmentRawDataAddressPointer(PDRIVER_OBJECT pDriverObj, PCHAR... function ULONG64 (line 92) | ULONG64 GetSegmentRawDataLengthPointer(PDRIVER_OBJECT pDriverObj, PCHAR ... function ULONG64 (line 98) | ULONG64 GetSegmentStartAddress(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 105) | ULONG64 GetSegmentEndAddress(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 113) | ULONG64 GetSegmentLength(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) FILE: KernelHiddenExcute/main.c function NTSTATUS (line 3) | NTSTATUS DispatchCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp) function NTSTATUS (line 11) | NTSTATUS DispatchClose(PDEVICE_OBJECT pDevObj, PIRP pIrp) function NTSTATUS (line 19) | NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDevObj, PIRP pIrp) function VOID (line 48) | VOID DriverUnload(PDRIVER_OBJECT pDriverObj) function VOID (line 62) | VOID WriteEnable() function VOID (line 69) | VOID WriteDisable() function NTSTATUS (line 76) | NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistr... FILE: KernelHiddenExecute/HiddenCallApiTransfer.c function NTSTATUS (line 11) | NTSTATUS SimulateApi(ULONG64 param1) function NTSTATUS (line 22) | NTSTATUS ApiTransfer_SimulateApi(PHIDDEN_PAGE_RECORD pHiddenPageRecord, ... FILE: KernelHiddenExecute/HiddenExecute.c function NTSTATUS (line 19) | NTSTATUS InitializeHiddenPageRecordStructure(PHIDDEN_PAGE_RECORD* ppHidd... function NTSTATUS (line 59) | NTSTATUS FreeHiddenPageRecordStructure(PHIDDEN_PAGE_RECORD pHiddenPageRe... function PVOID (line 88) | PVOID pPTEPFNtoPhysicalAddress(ULONG64 PFN) function ULONG64 (line 97) | ULONG64 pPhysicalAddresstoPTEPFN(PVOID PhysicalAddressBase) function PMMPTE (line 109) | PMMPTE pGetSpecificAddresspPTEPhysical(ULONG64 CR3, PVOID pPageBase) function PVOID (line 161) | PVOID pGetSpecificAddressPhysicalForR3(ULONG64 CR3, PVOID pVirtual) function NTSTATUS (line 235) | NTSTATUS AddHiddenPageRecord(ULONG64 CR3, PVOID pHiddenPageBase, PHIDDEN... function NTSTATUS (line 324) | NTSTATUS RemoveAndRestoreAllHiddenPageRecord(PHIDDEN_PAGE_RECORD pHidden... function NTSTATUS (line 384) | NTSTATUS ContextOriginalToHidden(PHIDDEN_PAGE_RECORD pHiddenPageRecord) function NTSTATUS (line 453) | NTSTATUS ContextHiddenToOriginal(PHIDDEN_PAGE_RECORD pHiddenPageRecord) function ULONG64 (line 513) | ULONG64 GetPagesCountByLength(ULONG64 Length) function NTSTATUS (line 530) | NTSTATUS AddHiddenSection(ULONG64 SystemCR3, PDRIVER_OBJECT pDriverObj, ... FILE: KernelHiddenExecute/HiddenExecute.h type MMPTE (line 46) | typedef struct _MMPTE type SPECIFIC_HIDDEN_PAGE_RECORD (line 69) | typedef struct _SPECIFIC_HIDDEN_PAGE_RECORD type HIDDEN_PAGE_RECORD (line 77) | typedef struct _HIDDEN_PAGE_RECORD FILE: KernelHiddenExecute/HiddenFunctions.c function BOOL (line 19) | BOOL HiddenFunction(PCHAR checkStr) function BOOL (line 29) | BOOL UnsafeFunction(PCHAR checkStr) FILE: KernelHiddenExecute/PhysicalMemoryOperation.c function HANDLE (line 21) | HANDLE OpenPhysicalMemory() function BOOLEAN (line 37) | BOOLEAN pMapPhysicalMemoryPre(HANDLE hMemory, PDWORD64 pDwAddress, PSIZE... function PVOID (line 50) | PVOID MapPhysicalMemory(PVOID PA, SIZE_T Size) function BOOLEAN (line 57) | BOOLEAN UnmapPhysicalMemory(PVOID VA) function ULONG64 (line 69) | ULONG64 GetCR3Flag(ULONG64 CR3) function ULONG64 (line 78) | ULONG64 ClearCR3Flag(ULONG64 CR3) function VOID (line 87) | VOID pPrintPhysicalOpStructure(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 108) | NTSTATUS pFreePhysicalOpPageTableMemory(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 136) | NTSTATUS pAllocPhysicalOpPageTableMemory(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 168) | NTSTATUS pMapSystemPML4T(ULONG64 SystemCR3, PPHYSICAL_OP_CR3 pPhysicalOp... function NTSTATUS (line 187) | NTSTATUS pUnmapSystemPML4T(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 208) | NTSTATUS pFillGeneratedPML4TandPDPT(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 244) | NTSTATUS CreatePhysicalOpCR3BySystemCR3(ULONG64 SystemCR3, PPHYSICAL_OP_... function NTSTATUS (line 285) | NTSTATUS FreePhysicalOpCR3(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 316) | NTSTATUS ContextVirtualToPhysical(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function NTSTATUS (line 348) | NTSTATUS ContextPhysicalToVirtual(PPHYSICAL_OP_CR3 pPhysicalOpCR3) function ULONG64 (line 379) | ULONG64 GetCR3ByEprocess(PEPROCESS pEProc) function PEPROCESS (line 393) | PEPROCESS GetEProcess(ULONG64 PID) function ULONG64 (line 418) | ULONG64 GetCR3ByPID(ULONG64 PID) FILE: KernelHiddenExecute/PhysicalMemoryOperation.h type PHYSICAL_OP_CR3 (line 26) | typedef struct _PHYSICAL_OP_CR3 type MMPDPTE (line 45) | typedef struct _MMPDPTE type MMPDE (line 69) | typedef struct _MMPDE type MMVA (line 93) | typedef struct _MMVA type MMVA_PDPTE_LARGE (line 106) | typedef struct _MMVA_PDPTE_LARGE type MMVA_PDE_LARGE (line 117) | typedef struct _MMVA_PDE_LARGE FILE: KernelHiddenExecute/SectionOperation.c function PIMAGE_SECTION_HEADER (line 7) | PIMAGE_SECTION_HEADER GetSegmentHeadPointer(PDRIVER_OBJECT pDriverObj, P... function ULONG64 (line 48) | ULONG64 GetDriverBaseAddress(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 54) | ULONG64 GetSegmentAddressPointer(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 59) | ULONG64 GetSegmentLengthPointer(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 64) | ULONG64 GetSegmentRawDataAddressPointer(PDRIVER_OBJECT pDriverObj, PCHAR... function ULONG64 (line 69) | ULONG64 GetSegmentRawDataLengthPointer(PDRIVER_OBJECT pDriverObj, PCHAR ... function ULONG64 (line 75) | ULONG64 GetSegmentStartAddress(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 82) | ULONG64 GetSegmentEndAddress(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) function ULONG64 (line 90) | ULONG64 GetSegmentLength(PDRIVER_OBJECT pDriverObj, PCHAR pSegName) FILE: KernelHiddenExecute/SectionOperation.h type LDR_DATA_TABLE_ENTRY64 (line 12) | typedef struct _LDR_DATA_TABLE_ENTRY64 FILE: KernelHiddenExecute/main.c function NTSTATUS (line 13) | NTSTATUS DispatchCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp) function NTSTATUS (line 21) | NTSTATUS DispatchClose(PDEVICE_OBJECT pDevObj, PIRP pIrp) function NTSTATUS (line 29) | NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDevObj, PIRP pIrp) function VOID (line 83) | VOID DriverUnload(PDRIVER_OBJECT pDriverObj) function NTSTATUS (line 111) | NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistr... FILE: Malware/Attack.c function VOID (line 16) | VOID WriteEnable() function VOID (line 23) | VOID WriteDisable() function VOID (line 32) | VOID cal_next(PCHAR str, PLONG_PTR next, LONG_PTR len) function PVOID (line 46) | PVOID KMP(PVOID str, LONG_PTR slen, PVOID ptr, LONG_PTR plen) function BOOL (line 74) | BOOL AttackCodeAndData(PDRIVER_OBJECT pDrvObj, PCHAR pSegName, PCHAR pPa... function NTSTATUS (line 104) | NTSTATUS AttackDemoDriver(BOOL restore) FILE: Malware/main.c function NTSTATUS (line 6) | NTSTATUS DispatchCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp) function NTSTATUS (line 14) | NTSTATUS DispatchClose(PDEVICE_OBJECT pDevObj, PIRP pIrp) function NTSTATUS (line 22) | NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDevObj, PIRP pIrp) function VOID (line 49) | VOID DriverUnload(PDRIVER_OBJECT pDriverObj) function NTSTATUS (line 63) | NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistr...