updates and moves

n/a

Win32/Proof of Concepts/CheckKernelEATHook/CheckKernelHookDrv/CheckKernelHook/Common.h

@@ -0,0 +1,31 @@
+#include "DriverEntry.h"
+#include <ntimage.h>
+
+typedef unsigned long DWORD;
+typedef void *HANDLE;
+typedef unsigned char  BOOL, *PBOOL;
+#define SEC_IMAGE    0x01000000
+
+NTSYSAPI
+    PIMAGE_NT_HEADERS
+    NTAPI
+    RtlImageNtHeader(PVOID Base);
+
+NTSTATUS 
+    MapFileInUserSpace(WCHAR* wzFilePath,IN HANDLE hProcess OPTIONAL,
+    OUT PVOID *BaseAddress,
+    OUT PSIZE_T ViewSize OPTIONAL);
+
+    LONG GetSSDTApiFunctionIndexFromNtdll(char* szFindFunctionName);
+    BOOL IsAddressInSystem(ULONG ulDriverBase,ULONG *ulSysModuleBase,ULONG *ulSize,char *lpszSysModuleImage);
+#define OP_NONE 0x00
+#define OP_MODRM 0x01
+#define OP_DATA_I8 0x02
+#define OP_DATA_I16 0x04
+#define OP_DATA_I32 0x08
+#define OP_DATA_PRE66_67 0x10
+#define OP_WORD 0x20
+#define OP_REL32 0x40
+
+unsigned long __fastcall GetFunctionCodeSize(void *Proc);
+    unsigned long __fastcall SizeOfCode(void *Code, unsigned char **pOpcode);