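/*
 * func.h - rule list, device extension and helper prototypes for the
 * protection driver.
 *
 * The include guard was renamed from __FUNC_H__: identifiers beginning
 * with a double underscore are reserved for the implementation.
 */
#ifndef FUNC_H
#define FUNC_H

/* Rule types (FUNC_RULE.type). */
#define RULE_TYPE_LOAD_DRIVER_PROTECTION      0x00000001
#define RULE_TYPE_PHYSICAL_MEMORY_PROTECTION  0x00000002
#define RULE_TYPE_PROCESS_PROTECTION          0x00000101
#define RULE_TYPE_FILE_PROTECTION             0x00000102

/*
 * Error codes. These are presumably the non-zero results of the rule
 * management functions below - confirm against the definitions. Note that
 * both values exceed INT_MAX, so returning them through an `int` relies on
 * implementation-defined conversion.
 */
#define ERROR_RULE_EXISTS          0x80000001
#define ERROR_RULE_DOES_NOT_EXIST  0x80000002

/* Name of the physical memory section object. */
#define FUNC_DEVICE_PHYSICAL_MEMORY  L"\\Device\\PhysicalMemory"

/*
 * One entry of the doubly linked rule list.
 *
 * `type` selects which union member is meaningful. Whoever fills `file.name`
 * must bound the copy by `sizeof name` and keep `file.length` (bytes,
 * including the terminating null) consistent with it; the struct itself
 * enforces neither.
 */
typedef struct FUNC_RULE {
    struct FUNC_RULE *prev;
    struct FUNC_RULE *next;
    ULONG type;                 /* one of RULE_TYPE_* */
    union {
        struct {
            ULONG pid;          /* process id */
        } process;
        struct {
            int length;         /* length of name in bytes including null termination */
            wchar_t name[512];  /* file name */
        } file;
    };
} FUNC_RULE, *PFUNC_RULE;

/* Device extension structure. */
typedef struct DEVICE_EXTENSION {
    /* Rules. */
    KMUTEX rules_mutex;         /* synchronization mechanism for rules structure access */
    /*
     * In this example the rules are implemented as a linked list. You would
     * never do this in a real-world application: even if your rules fit the
     * features of a linked list you would rather use the kernel's linked
     * list implementation, and most of the time you need to find a specific
     * rule very fast, so you would not use a linked list at all.
     */
    PFUNC_RULE first_rule, last_rule;

    /* Notification control. */
    PIRP notify_irp;            /* pending IRP */
    ULONG notify_answer;        /* answer from usermode application */

    /* Notification synchronization. */
    KMUTEX notify_mutex;        /* mutex for exclusive code protection */
    KEVENT notify_event;        /* signal for user answer completion */
    KEVENT notify_irp_event;    /* protection for access to notify irp */
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

/*
 * Rule management. `enable` is a flag; presumably non-zero adds the rule
 * and zero removes it - confirm against the definitions. Return value is
 * presumably 0 on success or one of the ERROR_RULE_* codes.
 */
int func_protect_process(PDEVICE_EXTENSION dev_ext, ULONG pid, int enable);
int func_protect_file(PDEVICE_EXTENSION dev_ext, wchar_t *name, int enable);

/*
 * Rule lookup. These take no device extension, so they presumably consult
 * global_dev_ext - verify against the definitions.
 */
int func_check_process_protection(ULONG pid);
int func_check_file_protection(PWSTR name);

/*
 * Ask the usermode application (via the pending notify_irp) whether the
 * access described by (caller_pid, type, id, access) should be allowed.
 * The exact meaning of `id` and `access` depends on `type` - confirm against
 * the definition.
 */
int func_notify_ask_user(PDEVICE_EXTENSION dev_ext, ULONG caller_pid, ULONG type, ULONG id, ULONG access);

int func_init(void);

/*
 * Resolve the name of the object behind `handle` into `buffer`. `length` is
 * presumably in/out (capacity on entry, bytes written on return) - confirm
 * against the definition before relying on it.
 */
int func_get_object_name_by_handle(HANDLE handle, UCHAR *buffer, int *length);

/*
 * Presumably validates that `size` bytes at `buf` may be read; callers that
 * accept usermode buffers should not treat its result as a substitute for
 * probing under a try/except block - verify against the definition.
 */
int func_is_good_read_ptr(PVOID buf, ULONG size);

/* Presumably releases every FUNC_RULE in the list - confirm. */
int func_free_list(PDEVICE_EXTENSION dev_ext);

extern PDEVICE_EXTENSION global_dev_ext;
extern PVOID func_protected_device_physical_memory;

#endif /* FUNC_H */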