Fixed issue with avoiding parent process checking and etc

Hidden/PsMonitor.c

@@ -285,7 +285,7 @@ VOID CreateProcessNotifyCallback(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE
 			return;
 		}
 
-		CheckProcessFlags(&entry, &normalized, CreateInfo->ParentProcessId);
+		CheckProcessFlags(&entry, &normalized, PsGetCurrentProcessId()/*CreateInfo->ParentProcessId*/);
 
 		if (entry.excluded)
 			DbgPrint("FsFilter1!" __FUNCTION__ ": excluded process:%d\n", ProcessId);

HiddenCLI/Connection.cpp

@@ -17,6 +17,9 @@ Connection::Connection(Arguments& args) :
 			args.SwitchToNext();
 			if (!args.GetNext(m_deviceName))
 				throw WException(-2, L"Error, mismatched argument for command 'gate'");
+
+			if (m_deviceName.compare(0, 1, L"\\") != 0)
+				m_deviceName.insert(0, L"\\\\.\\");
 		}
 		else
 		{

HiddenCLI/HiddenCLI.cpp

@@ -7,6 +7,77 @@
 
 using namespace std;
 
+bool PrintUsage(Arguments& args)
+{
+	wstring command;
+
+	if (!args.Probe(command))
+		return false;
+
+	if (command != L"/help" && command != L"/?")
+		return false;
+	
+	wchar_t message[] =
+		L"hiddencli [connection] <command>\n"
+		L"hiddencli /help\n"
+		L"\n"
+		L"connection:\n"
+		L"\n"
+		L"  gate <%name%>\n"
+		L"    Set specific connection gate name (driver device name)\n"
+		L"\n"
+		L"commands:\n"
+		L"\n"
+		L"  state <on|off>\n"
+		//L"    Enable or disable hidden\n"
+		L"    Doesn't implemented yet\n"
+		L"\n"
+		L"  hide <file|dir|regval|regkey> <%path%>\n"
+		L"    Hide filesystem or registry object by path\n"
+		L"\n"
+		L"  unhide <file|dir|regval|regkey> all\n"
+		L"    Unhide all filesystem or registry object by selected type\n"
+		L"\n"
+		L"  unhide <file|dir|regval|regkey> <%ruleid%>\n"
+		L"    Unhide all filesystem or registry object by selected type and rule ID\n"
+		L"\n"
+		L"  ignore image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>\n"
+		L"    Set rule that allows to see hidden filesystem and registry objects for processes with specific image path\n"
+		L"\n"
+		L"  unignore <%ruleid%>\n"
+		L"    Remove rule that allows to see hidden filesystem and registry objects by rule ID\n"
+		L"\n"
+		L"  unignore all\n"
+		L"    Remove all rules that allow to see hidden filesystem and registry objects\n"
+		L"\n"
+		L"  ignore pid [inherit:<none|always|once>] <%pid%>\n"
+		L"    Turn on abillity to see hidden filesystem and registry objects for specific process by PID\n"
+		L"\n"
+		L"  unignore pid <%pid%>\n"
+		L"    Turn off abillity to see hidden filesystem and registry objects for specific process by PID\n"
+		L"\n"
+		L"  protect image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>\n"
+		L"    Set rule that allows to enable process protection for processes with specific image path\n"
+		L"\n"
+		L"  unprotect <%ruleid%>\n"
+		L"    Remove rule that enables process protection by rule ID\n"
+		L"\n"
+		L"  unprotect all\n"
+		L"    Remove all rules that enable process protection\n"
+		L"\n"
+		L"  protect pid [inherit:<none|always|once>] <%pid%>\n"
+		L"    Turn on protection for specific process by PID\n"
+		L"\n"
+		L"  unprotect pid <%pid%>\n"
+		L"    Turn off protection for specific process by PID\n"
+		L"\n"
+		L"  query process <%pid%>\n"
+		L"    Query information about state of the process by PID\n";
+
+	wcout << message << endl;
+	return true;
+}
+
 int wmain(int argc, wchar_t* argv[])
 {
 	try 
@@ -20,6 +91,7 @@ int wmain(int argc, wchar_t* argv[])
 				L"Welcome to HiddenCLI, please use 'hiddencli /help'"
 			);
 
+		if (!PrintUsage(arguments))
 		{
 			Commands commands(arguments);
 

HiddenCLI/Hide.cpp

@@ -79,7 +79,7 @@ void CommandHide::PerformCommand(Connection& connection)
 		throw WException(HID_STATUS_CODE(status), L"Error, command 'hide' rejected");
 
 	wcerr << L"Command 'hide' successful" << endl;
-	wcout << L"status:ok;objid:" << objId << endl;
+	wcout << L"status:ok;ruleid:" << objId << endl;
 }
 
 // =================

HiddenCLI/Ignore.cpp

@@ -83,7 +83,7 @@ void CommandIgnore::PerformCommand(Connection& connection)
 	if (m_procType == EProcTypes::TypeProcessId)
 		wcout << L"status:ok" << endl;
 	else
-		wcout << L"status:ok;objid:" << objId << endl;
+		wcout << L"status:ok;ruleid:" << objId << endl;
 }
 
 // =================

HiddenCLI/Protect.cpp

@@ -83,7 +83,7 @@ void CommandProtect::PerformCommand(Connection& connection)
 	if (m_procType == EProcTypes::TypeProcessId)
 		wcout << L"status:ok" << endl;
 	else
-		wcout << L"status:ok;objid:" << objId << endl;
+		wcout << L"status:ok;ruleid:" << objId << endl;
 }
 
 // =================

HiddenCLI/cli.txt

@@ -1,5 +1,6 @@
 
 hiddencli [connection] <command>
+hiddencli /help
 
 connection: