NTSTATUS kkll_m_notify_list_object(PKIWI_BUFFER outBuffer)
{
NTSTATUS status = STATUS_SUCCESS;
POBJECT_DIRECTORY_ENTRY pEntry;
ULONG_PTR pType;
POBJECT_CALLBACK_ENTRY pCallbackEntry;
ULONG i, j;
PVOID miniProc;
if(!ObpTypeDirectoryObject)
status = kkll_m_notify_search(ObjectReferences, sizeof(ObjectReferences) / sizeof(KKLL_M_MEMORY_GENERIC), (PUCHAR *) &ObpTypeDirectoryObject, NULL, &pObpTypeDirectoryObjectOffsets);
if(ObpTypeDirectoryObject)
{
for(i = 0; NT_SUCCESS(status) && (i < OBJECT_HASH_TABLE_SIZE); i++)
{
for(pEntry = (*ObpTypeDirectoryObject)->HashBuckets[i]; NT_SUCCESS(status) && pEntry; pEntry = pEntry->ChainLink)
{
if(pType = (ULONG_PTR) pEntry->Object)
{
status = kprintf(outBuffer, L"\n * %wZ\n", pType + pObpTypeDirectoryObjectOffsets->off1);
if(KiwiOsIndex >= KiwiOsIndex_VISTA)
{
for(pCallbackEntry = *(POBJECT_CALLBACK_ENTRY *) (pType + pObpTypeDirectoryObjectOffsets->off3) ; NT_SUCCESS(status) && (pCallbackEntry != (POBJECT_CALLBACK_ENTRY) (pType + pObpTypeDirectoryObjectOffsets->off3)) ; pCallbackEntry = (POBJECT_CALLBACK_ENTRY) pCallbackEntry->CallbackList.Flink)
{
if(pCallbackEntry->PreOperation || pCallbackEntry->PostOperation)
{
status = kprintf(outBuffer, L"\t* Callback [type %u]\n", pCallbackEntry->Operations);
if(NT_SUCCESS(status) && pCallbackEntry->PreOperation)
{
status = kprintf(outBuffer, L"\t\tPreOperation : ");
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, pCallbackEntry->PreOperation);
}
if(NT_SUCCESS(status) && pCallbackEntry->PostOperation)
{
status = kprintf(outBuffer, L"\t\tPreOperation : ");
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, pCallbackEntry->PostOperation);
}
}
}
}
for(j = 0; NT_SUCCESS(status) && (j < 8) ; j++)
{
if(miniProc = *(PVOID *) (pType + pObpTypeDirectoryObjectOffsets->off2 + (sizeof(PVOID) * j)))
{
status = kprintf(outBuffer, L"\t%s - ", procCallToName[j]);
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, miniProc);
}
}
}
}
}
}
return status;
}
NTSTATUS kkll_m_notify_list(PKIWI_BUFFER outBuffer, PKKLL_M_MEMORY_GENERIC generics, SIZE_T cbGenerics, PUCHAR * ptr, PULONG pRoutineMax)
{
NTSTATUS status = STATUS_SUCCESS;
PKKLL_M_NOTIFY_CALLBACK pNotifyCallback;
ULONG i;
if(!*ptr)
status = kkll_m_notify_search(generics, cbGenerics, ptr, pRoutineMax, NULL);
if(*ptr)
{
for(i = 0; NT_SUCCESS(status) && (i < *pRoutineMax); i++)
{
if(pNotifyCallback = (PKKLL_M_NOTIFY_CALLBACK) KIWI_mask3bits(((PVOID *) *ptr)[i]))
{
status = kprintf(outBuffer, L"[%.2u] ", i);
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, pNotifyCallback->callback);
}
}
}
return status;
}
NTSTATUS kkll_m_notify_list_reg(PKIWI_BUFFER outBuffer)
{
NTSTATUS status = STATUS_SUCCESS;
PKKLL_M_NOTIFY_CALLBACK pNotifyCallback;
PLIST_ENTRY pEntry;
ULONG i;
if(!CallbackListHeadOrCmpCallBackVector)
status = kkll_m_notify_search(RegReferences, ARRAYSIZE(RegReferences), (PUCHAR *) &CallbackListHeadOrCmpCallBackVector, NULL, &pCmpCallBackOffsets);
if(CallbackListHeadOrCmpCallBackVector)
{
if(KiwiOsIndex < KiwiOsIndex_VISTA)
{
for(i = 0; NT_SUCCESS(status) && (i < CM_REG_MAX_CALLBACKS); i++)
{
if(pNotifyCallback = (PKKLL_M_NOTIFY_CALLBACK) KIWI_mask3bits(CallbackListHeadOrCmpCallBackVector[i]))
{
status = kprintf(outBuffer, L"[%.2u] ", i);
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, pNotifyCallback->callback);
}
}
}
else
{
for(pEntry = (PLIST_ENTRY) *CallbackListHeadOrCmpCallBackVector, i = 0 ; NT_SUCCESS(status) && (pEntry != (PLIST_ENTRY) CallbackListHeadOrCmpCallBackVector); pEntry = (PLIST_ENTRY) (pEntry->Flink), i++)
{
status = kprintf(outBuffer, L"[%.2u] ", i);
if(NT_SUCCESS(status))
status = kkll_m_modules_fromAddr(outBuffer, *(PVOID *) ((ULONG_PTR) pEntry + pCmpCallBackOffsets->off1));
}
}
}
return status;
}
