2016-07-21 23:02:31 +00:00
|
|
|
#pragma once
|
|
|
|
|
|
|
|
|
|
#include <Ntddk.h>
|
2016-08-27 20:18:54 +00:00
|
|
|
#include "PsTable.h"
|
2016-07-21 23:02:31 +00:00
|
|
|
|
|
|
|
|
typedef struct _ProcessTableEntry{
|
|
|
|
|
HANDLE processId;
|
2016-08-27 20:18:54 +00:00
|
|
|
|
2016-07-21 23:02:31 +00:00
|
|
|
BOOLEAN excluded;
|
2016-08-27 20:18:54 +00:00
|
|
|
ULONG inheritExclusion;
|
|
|
|
|
|
2016-07-21 23:02:31 +00:00
|
|
|
BOOLEAN protected;
|
2016-08-27 20:18:54 +00:00
|
|
|
ULONG inheritProtection;
|
|
|
|
|
|
2016-07-21 23:02:31 +00:00
|
|
|
} ProcessTableEntry, *PProcessTableEntry;
|
|
|
|
|
|
|
|
|
|
NTSTATUS InitializeProcessTable(VOID(*InitProcessEntryCallback)(PProcessTableEntry, PCUNICODE_STRING, HANDLE));
|
|
|
|
|
VOID DestroyProcessTable();
|
|
|
|
|
|
|
|
|
|
BOOLEAN AddProcessToProcessTable(PProcessTableEntry entry);
|
|
|
|
|
BOOLEAN RemoveProcessFromProcessTable(PProcessTableEntry entry);
|
|
|
|
|
BOOLEAN GetProcessInProcessTable(PProcessTableEntry entry);
|
|
|
|
|
BOOLEAN UpdateProcessInProcessTable(PProcessTableEntry entry);
|
|
|
|
|
|
