#pragma once
#include <Ntddk.h>
// Identity of a process as used by this monitor.
//
// `id` is the process id carried as a HANDLE, which is the form the kernel
// process APIs declared in Ntddk.h use for PIDs (the prototypes below take
// the same `HANDLE ProcessId`).
//
// `creationTime` is stored alongside the id. A bare PID can be handed to a
// new process once the original exits, so this field presumably exists to
// tell a recycled id apart from the process it was first recorded for —
// TODO confirm against the code that fills and compares this struct; the
// header alone does not show how it is used.
typedef struct _ProcessId {
    HANDLE id;
    LARGE_INTEGER creationTime;
} ProcessId, *PProcessId;
// Sets up the process monitor for `DriverObject`.
//
// Returns an NTSTATUS; callers should test it with NT_SUCCESS() and must not
// use the other routines in this header if it failed. What is actually
// registered (e.g. process/image notify callbacks) is decided in the
// implementation and is not visible from this declaration.
NTSTATUS InitializePsMonitor(PDRIVER_OBJECT DriverObject);
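// Tears down whatever InitializePsMonitor set up and returns an NTSTATUS.
//
// Declared with an explicit `(void)`: in C an empty parameter list in a
// prototype means "arguments unspecified", so the compiler would accept a
// call such as DestroyPsMonitor(x) without complaint. `(void)` restores
// argument checking and is also what C++ treats `()` as, so the change is
// source-compatible with existing callers and with the definition.
NTSTATUS DestroyPsMonitor(void);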
// Reports whether the process with id `ProcessId` is currently in the
// excluded set.
//
// Only a BOOLEAN comes back, so an unknown or invalid ProcessId cannot be
// told apart from "not excluded". Callers that need that distinction
// should use GetExcludedProcessState, which returns an NTSTATUS and reports
// the state through out-parameters.
//
// Note: the parameter name `ProcessId` shadows the `ProcessId` typedef
// declared above within this prototype; it is legal C, but easy to misread.
BOOLEAN IsProcessExcluded(HANDLE ProcessId);
// Reports whether the process with id `ProcessId` is currently in the
// protected set.
//
// As with IsProcessExcluded, a FALSE result also covers "no such process /
// lookup failed"; use GetProtectedProcessState when a failure status is
// needed rather than a yes/no answer.
BOOLEAN IsProcessProtected(HANDLE ProcessId);
// Adds `ImagePath` to the list of protected images.
//
// ImagePath        - image path to match; see the NOTE below.
// InheritType      - plain ULONG; the accepted values are not declared in
//                    this header, so check the implementation or the IOCTL
//                    definitions before passing one.
// ApplyForProcesses- presumably whether already-running processes of this
//                    image are affected as well — TODO confirm.
// ObjId            - out-parameter; receives the identifier that is later
//                    passed to RemoveProtectedImage to undo this call.
// Returns an NTSTATUS.
//
// NOTE(review): ImagePath is a PUNICODE_STRING. If this is reached from an
// IOCTL handler, the Length/Buffer of the string must already have been
// captured and validated in kernel memory before this call; this header
// does not show where that happens.
NTSTATUS AddProtectedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
// Reads the protection state recorded for process `ProcessId`.
//
// InheritType and Enable are out-parameters (PULONG / PBOOLEAN); they are
// only meaningful when the returned NTSTATUS succeeds, so check NT_SUCCESS()
// before reading them. Unlike IsProcessProtected, a failure here is
// reported explicitly rather than folded into a FALSE answer.
NTSTATUS GetProtectedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
// Sets the protection state for process `ProcessId`.
//
// InheritType is the same untyped ULONG used by AddProtectedImage; Enable
// switches protection on or off for this process. Returns an NTSTATUS.
// This operates on a running process id, whereas AddProtectedImage operates
// on an image path.
NTSTATUS SetProtectedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
// Removes one protected-image entry.
//
// ObjId is the value written to the `ObjId` out-parameter by
// AddProtectedImage; nothing in this header says how an unknown id is
// reported beyond the NTSTATUS return, so check it.
NTSTATUS RemoveProtectedImage(ULONGLONG ObjId);
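// Removes every protected-image entry added with AddProtectedImage and
// returns an NTSTATUS.
//
// Declared `(void)` rather than `()`: an empty parameter list in a C
// prototype leaves the arguments unspecified and disables argument
// checking at call sites. `(void)` is what existing callers already mean
// and is compatible with the definition.
NTSTATUS RemoveAllProtectedImages(void);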
// Adds `ImagePath` to the list of excluded images.
//
// Same parameter contract as AddProtectedImage: InheritType is an untyped
// ULONG whose valid values are defined elsewhere, ApplyForProcesses
// presumably extends the entry to already-running processes (confirm), and
// ObjId is an out-parameter whose value is later handed to
// RemoveExcludedImage. Returns an NTSTATUS.
//
// NOTE(review): if ImagePath originates from user mode (IOCTL), it must be
// captured and validated before reaching this call; that is not visible
// from the header.
NTSTATUS AddExcludedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
// Reads the exclusion state recorded for process `ProcessId`.
//
// InheritType and Enable are out-parameters, valid only when the returned
// NTSTATUS succeeds. This is the status-returning counterpart of
// IsProcessExcluded.
NTSTATUS GetExcludedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
// Sets the exclusion state for process `ProcessId`.
//
// InheritType uses the same untyped ULONG as AddExcludedImage; Enable turns
// the exclusion on or off for this running process. Returns an NTSTATUS.
NTSTATUS SetExcludedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
// Removes one excluded-image entry identified by the ObjId that
// AddExcludedImage returned through its out-parameter. Returns an NTSTATUS.
NTSTATUS RemoveExcludedImage(ULONGLONG ObjId);
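// Removes every excluded-image entry added with AddExcludedImage and
// returns an NTSTATUS.
//
// Declared `(void)`: in C `()` in a prototype means "arguments unspecified"
// and turns off argument checking at call sites; `(void)` matches the
// intended no-argument signature and existing callers.
NTSTATUS RemoveAllExcludedImages(void);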
// Adds `ImagePath` to the list of hidden images.
//
// Mirrors AddProtectedImage/AddExcludedImage: InheritType is an untyped
// ULONG defined elsewhere, ApplyForProcesses presumably also covers
// processes that are already running (confirm), and ObjId is an
// out-parameter later passed to RemoveHiddenImage. Returns an NTSTATUS.
//
// NOTE(review): a user-supplied ImagePath must be captured and validated
// before it reaches this routine; the header does not show that step.
NTSTATUS AddHiddenImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
// Reads the hidden state recorded for process `ProcessId`.
//
// InheritType and Enable are out-parameters, meaningful only when the
// returned NTSTATUS succeeds. There is no BOOLEAN `IsProcessHidden` helper
// in this header, so this is the only query for the hidden set.
NTSTATUS GetHiddenProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
// Sets the hidden state for the running process `ProcessId`.
//
// InheritType is the same untyped ULONG as AddHiddenImage; Enable turns the
// state on or off. Returns an NTSTATUS.
NTSTATUS SetHiddenProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
// Removes one hidden-image entry identified by the ObjId that
// AddHiddenImage returned through its out-parameter. Returns an NTSTATUS.
NTSTATUS RemoveHiddenImage(ULONGLONG ObjId);
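// Removes every hidden-image entry added with AddHiddenImage and returns an
// NTSTATUS.
//
// Declared `(void)` instead of `()`, which in a C prototype means
// "arguments unspecified" and silences argument checking at call sites.
NTSTATUS RemoveAllHiddenImages(void);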
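// Clears hidden state for processes and returns an NTSTATUS.
//
// This is distinct from RemoveAllHiddenImages, which works on image-path
// entries; presumably this one drops per-process state set through
// SetHiddenProcessState — TODO confirm in the implementation, the header
// does not say.
//
// Declared `(void)` instead of `()` so that the compiler checks call sites
// for stray arguments (an empty list in a C prototype leaves them unchecked).
NTSTATUS RemoveAllHiddenProcesses(void);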