phlib nativeflt

winsiderss · Nov 13, 2024 · 38f88f9 · 38f88f9
1 parent 5f2d516
commit 38f88f9
Show file tree

Hide file tree

Showing 8 changed files with 508 additions and 440 deletions.
diff --git a/phlib/include/kphcomms.h b/phlib/include/kphcomms.h
@@ -14,11 +14,6 @@
 
 #include <kphmsg.h>
 
-NTSTATUS KphFilterLoadUnload(
-    _In_ PPH_STRINGREF ServiceName,
-    _In_ BOOLEAN LoadDriver
-    );
-
 /**
  * \brief Callback for handling messages from the kernel.
  *

diff --git a/phlib/include/phnative.h b/phlib/include/phnative.h
@@ -3775,6 +3775,57 @@ PhFlushProcessHeapsRemote(
     _In_opt_ PLARGE_INTEGER Timeout
     );
 
+PHLIBAPI
+NTSTATUS
+NTAPI
+PhFilterLoadUnload(
+    _In_ PPH_STRINGREF ServiceName,
+    _In_ BOOLEAN LoadDriver
+    );
+
+PHLIBAPI
+NTSTATUS
+NTAPI
+PhFilterSendMessage(
+    _In_ HANDLE Port,
+    _In_reads_bytes_(InBufferSize) PVOID InBuffer,
+    _In_ ULONG InBufferSize,
+    _Out_writes_bytes_to_opt_(OutputBufferSize, *BytesReturned) PVOID OutputBuffer,
+    _In_ ULONG OutputBufferSize,
+    _Out_ PULONG BytesReturned
+    );
+
+PHLIBAPI
+NTSTATUS
+NTAPI
+PhFilterGetMessage(
+    _In_ HANDLE Port,
+    _Out_writes_bytes_(MessageBufferSize) PFILTER_MESSAGE_HEADER MessageBuffer,
+    _In_ ULONG MessageBufferSize,
+    _Inout_ LPOVERLAPPED Overlapped
+    );
+
+PHLIBAPI
+NTSTATUS
+NTAPI
+PhFilterReplyMessage(
+    _In_ HANDLE Port,
+    _In_reads_bytes_(ReplyBufferSize) PFILTER_REPLY_HEADER ReplyBuffer,
+    _In_ ULONG ReplyBufferSize
+    );
+
+PHLIBAPI
+NTSTATUS
+NTAPI
+PhFilterConnectCommunicationPort(
+    _In_ PPH_STRINGREF PortName,
+    _In_ ULONG Options,
+    _In_reads_bytes_opt_(SizeOfContext) PVOID ConnectionContext,
+    _In_ USHORT SizeOfContext,
+    _In_opt_ PSECURITY_ATTRIBUTES SecurityAttributes,
+    _Outptr_ PHANDLE Port
+    );
+
 EXTERN_C_END
 
 #endif
diff --git a/phlib/kph.c b/phlib/kph.c
@@ -440,14 +440,14 @@ NTSTATUS KsiLoadUnloadService(
         }
 
         if (Config->EnableFilterLoad)
-            status = KphFilterLoadUnload(Config->ServiceName, TRUE);
+            status = PhFilterLoadUnload(Config->ServiceName, TRUE);
         else
             status = NtLoadDriver(&driverServiceKeyName);
     }
     else
     {
         if (Config->EnableFilterLoad)
-            status = KphFilterLoadUnload(Config->ServiceName, FALSE);
+            status = PhFilterLoadUnload(Config->ServiceName, FALSE);
         else
             status = NtUnloadDriver(&driverServiceKeyName);
     }