#pragma once
#include <Ntddk.h>
/*
 * Identity of a process as tracked by the PsMonitor module.
 *
 * Pairs the process id with the process creation time. A process id on its
 * own is not a stable identity (Windows hands ids out again once a process
 * has exited); the creation time is presumably here so that a reused id is
 * not mistaken for the original process -- confirm against the code that
 * fills in and compares this struct.
 */
typedef struct _ProcessId {
    /* Process id. Typed HANDLE by kernel convention (the form PsGetProcessId
     * returns); it is not an object handle and must not be closed -- TODO confirm
     * against the code that populates it. */
    HANDLE id;
    /* Creation time of the process. Which clock/units the value carries is not
     * fixed in this header; presumably the kernel-reported create time. */
    LARGE_INTEGER creationTime;
} ProcessId, *PProcessId;
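/*
 * Brings up the process monitor. Presumably registers the process/image
 * notification callbacks the rest of this module relies on -- confirm in the
 * implementation. Intended to be called once, from DriverEntry.
 *
 * DriverObject - the driver object handed to DriverEntry.
 * Returns STATUS_SUCCESS, or an NTSTATUS failure code. Whether a failed
 * initialisation still requires DestroyPsMonitor is not visible here; check
 * the implementation before relying on either behaviour.
 */
NTSTATUS InitializePsMonitor(PDRIVER_OBJECT DriverObject);

/*
 * Tears down whatever InitializePsMonitor set up; meant for driver unload.
 * Presumably expected to be called once after a successful
 * InitializePsMonitor -- confirm.
 *
 * Declared with an explicit (void): in C an empty parameter list means
 * "unspecified arguments" and switches off argument checking at call sites.
 */
NTSTATUS DestroyPsMonitor(void);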
/*
 * Reports whether the process identified by ProcessId is treated as excluded
 * by this module (TRUE) or not (FALSE).
 *
 * ProcessId is typed HANDLE but, by Windows kernel convention, appears to
 * carry a process id rather than an object handle -- confirm against callers.
 * How the answer is derived (matching the image path, inheriting a parent's
 * state via InheritType, ...) is not visible in this header.
 */
BOOLEAN IsProcessExcluded(HANDLE ProcessId);

/*
 * Reports whether the process identified by ProcessId is treated as protected
 * by this module (TRUE) or not (FALSE). Same conventions as IsProcessExcluded.
 */
BOOLEAN IsProcessProtected(HANDLE ProcessId);
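/*
 * Protected-image list.
 *
 * These routines change which processes the driver treats as protected. If
 * they are reachable from user mode (e.g. behind an IOCTL), the dispatcher
 * that calls them -- not these routines -- is where the caller's privilege
 * and the user buffers must be checked; nothing in these prototypes suggests
 * they probe or capture user-mode memory themselves. Confirm against the
 * dispatch code.
 */

/*
 * Registers ImagePath as a protected image.
 *
 * ImagePath   - path of the image. Whether an NT path is required or a DOS
 *               path is accepted is not fixed here. If the string originates
 *               in user mode the caller is expected to have captured it into
 *               kernel memory first -- confirm.
 * InheritType - ULONG; presumably selects how the state propagates to child
 *               processes. The valid values are defined elsewhere (see the
 *               implementation) and are not validated by the type alone.
 * ObjId       - out: from the pointer type, presumably receives an identifier
 *               for the new entry, to be handed back to RemoveProtectedImage.
 * Returns an NTSTATUS.
 */
NTSTATUS AddProtectedImage(PUNICODE_STRING ImagePath, ULONG InheritType, PULONGLONG ObjId);

/*
 * Reads the protected state of the process identified by ProcessId.
 *
 * ProcessId   - process id (HANDLE-typed by kernel convention, not an object
 *               handle -- confirm).
 * InheritType - out: receives the inherit type recorded for the process.
 * Enable      - out: receives whether protection is currently enabled.
 * Returns an NTSTATUS; the out-parameters should only be read on success.
 */
NTSTATUS GetProtectedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);

/*
 * Sets the protected state of the process identified by ProcessId.
 * Parameters mirror GetProtectedProcessState, passed by value.
 * Returns an NTSTATUS.
 */
NTSTATUS SetProtectedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);

/*
 * Removes the entry identified by ObjId (the value produced by
 * AddProtectedImage). Returns an NTSTATUS; what is returned for an unknown
 * ObjId is not visible here.
 */
NTSTATUS RemoveProtectedImage(ULONGLONG ObjId);

/*
 * Removes every protected-image entry. Returns an NTSTATUS.
 * Declared with an explicit (void): in C an empty parameter list means
 * "unspecified arguments" and switches off argument checking at call sites.
 */
NTSTATUS RemoveAllProtectedImages(void);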
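/*
 * Excluded-image list. Mirrors the protected-image API one-for-one; the same
 * caveats apply: if reachable from user mode, privilege checks and buffer
 * capture belong to the calling dispatcher, as nothing in these prototypes
 * suggests the routines do it themselves -- confirm against the dispatch code.
 */

/*
 * Registers ImagePath as an excluded image.
 *
 * ImagePath   - path of the image (NT vs. DOS path form not fixed here). If
 *               it originates in user mode the caller is expected to have
 *               captured it into kernel memory first -- confirm.
 * InheritType - ULONG; presumably selects how the state propagates to child
 *               processes. Valid values are defined in the implementation and
 *               are not constrained by the type alone.
 * ObjId       - out: from the pointer type, presumably receives an identifier
 *               for the new entry, to be handed back to RemoveExcludedImage.
 * Returns an NTSTATUS.
 */
NTSTATUS AddExcludedImage(PUNICODE_STRING ImagePath, ULONG InheritType, PULONGLONG ObjId);

/*
 * Reads the excluded state of the process identified by ProcessId.
 *
 * ProcessId   - process id (HANDLE-typed by kernel convention, not an object
 *               handle -- confirm).
 * InheritType - out: receives the inherit type recorded for the process.
 * Enable      - out: receives whether exclusion is currently enabled.
 * Returns an NTSTATUS; the out-parameters should only be read on success.
 */
NTSTATUS GetExcludedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);

/*
 * Sets the excluded state of the process identified by ProcessId.
 * Parameters mirror GetExcludedProcessState, passed by value.
 * Returns an NTSTATUS.
 */
NTSTATUS SetExcludedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);

/*
 * Removes the entry identified by ObjId (the value produced by
 * AddExcludedImage). Returns an NTSTATUS; behaviour for an unknown ObjId is
 * not visible here.
 */
NTSTATUS RemoveExcludedImage(ULONGLONG ObjId);

/*
 * Removes every excluded-image entry. Returns an NTSTATUS.
 * Declared with an explicit (void): in C an empty parameter list means
 * "unspecified arguments" and switches off argument checking at call sites.
 */
NTSTATUS RemoveAllExcludedImages(void);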