#pragma once
#include <windows.h>
// Names of the IbsStackGuard device. IBS_DEVICE_NAME and IBS_DOSDEVICE_NAME are
// NT object-namespace paths; IBS_WIN32_NAME is the Win32 device-path spelling of
// the same name.
// NOTE(review): presumably the driver creates the device and its symbolic link
// and user mode opens IBS_WIN32_NAME with CreateFile; neither side is visible
// in this header, so confirm.
#define IBS_DEVICE_NAME L"\\Device\\IbsStackGuard"
#define IBS_DOSDEVICE_NAME L"\\DosDevices\\IbsStackGuard"
#define IBS_WIN32_NAME L"\\\\.\\IbsStackGuard"
// Custom device type; values 0x8000 and above are the range left to vendors.
#define FILE_DEVICE_IBS 0x8001
// Control code for the stack-validation request (function 0x800, the first
// vendor-assignable function number).
// METHOD_BUFFERED: the I/O manager copies the request structures through a
// system buffer, but it does not validate addresses stored inside them.
// FILE_ANY_ACCESS: the I/O manager performs no access-right check for this
// request, so any caller holding a handle to the device can issue it. Who may
// open the device is then decided only by the device object's security
// descriptor.
// NOTE(review): that descriptor is not visible here; confirm it is restrictive,
// or consider a stricter access value such as FILE_READ_ACCESS. Changing it
// changes the numeric code, so driver and clients must be rebuilt together.
// NOTE(review): CTL_CODE comes from <winioctl.h>, which <windows.h> leaves out
// when WIN32_LEAN_AND_MEAN is defined; confirm consumers still get it.
#define IOCTL_IBS_VALIDATE_USER_STACK \
CTL_CODE(FILE_DEVICE_IBS, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
// Input buffer for IOCTL_IBS_VALIDATE_USER_STACK.
// Both fields are raw addresses supplied by the caller. METHOD_BUFFERED copies
// this structure itself into a system buffer, but the addresses it carries are
// not checked by the I/O manager, so the handler has to treat UserRsp as
// untrusted input.
// NOTE(review): the handler is not shown here. Confirm that it checks the input
// length against sizeof(IBS_VALIDATION_INPUT), probes UserRsp as a user-mode
// address (e.g. ProbeForRead) and performs the read inside an exception
// handler, so the request cannot fault the system or reach kernel addresses.
// NOTE(review): PVOID fields make the layout depend on pointer size; a 32-bit
// caller on a 64-bit system would send a differently sized structure. Confirm
// whether that case is supported or rejected.
typedef struct _IBS_VALIDATION_INPUT {
PVOID UserRsp; // pointer to the top of the user stack (where the return address is located)
PVOID ExpectedReturn; // expected return address to validate against
} IBS_VALIDATION_INPUT, * PIBS_VALIDATION_INPUT;
// Output buffer for IOCTL_IBS_VALIDATE_USER_STACK.
// ValueAtRsp hands the pointer-sized value read at the caller-chosen address
// back to the caller, so what this request can disclose is bounded only by the
// address validation done before the read.
// NOTE(review): under default packing there are padding bytes between Match
// and Status. Confirm the driver zeroes the structure before filling it, so
// the padding does not carry stale kernel bytes to user mode.
// NOTE(review): presumably ValueAtRsp and Match are meaningful only when
// ProbeOk is TRUE; confirm the handler gives them defined values on failure.
// NOTE(review): NTSTATUS is not declared by every <windows.h> configuration;
// confirm consumers of this header have it in scope.
typedef struct _IBS_VALIDATION_OUTPUT {
PVOID ValueAtRsp; // value read at UserRsp
BOOLEAN ProbeOk; // whether the probe to UserRsp succeeded
BOOLEAN Match; // whether ValueAtRsp matches ExpectedReturn
NTSTATUS Status; // status of the operation
} IBS_VALIDATION_OUTPUT, * PIBS_VALIDATION_OUTPUT;