mirror of
https://github.com/JKornev/hidden
synced 2024-06-16 03:58:04 +00:00
Fix for BSOD and vmware.conf
parent
8a9ba43e23
commit
67355c72c4
@ -17,7 +17,7 @@ typedef struct _EXCLUDE_FILE_LIST_ENTRY {
|
|||||||
|
|
||||||
typedef struct _EXCLUDE_FILE_CONTEXT {
|
typedef struct _EXCLUDE_FILE_CONTEXT {
|
||||||
LIST_ENTRY listHead;
|
LIST_ENTRY listHead;
|
||||||
KSPIN_LOCK listLock;
|
FAST_MUTEX listLock;
|
||||||
ULONGLONG guidCounter;
|
ULONGLONG guidCounter;
|
||||||
UINT32 type;
|
UINT32 type;
|
||||||
} EXCLUDE_FILE_CONTEXT, *PEXCLUDE_FILE_CONTEXT;
|
} EXCLUDE_FILE_CONTEXT, *PEXCLUDE_FILE_CONTEXT;
|
||||||
@ -54,7 +54,7 @@ NTSTATUS InitializeExcludeListContext(PExcludeContext Context, UINT32 Type)
|
|||||||
}
|
}
|
||||||
|
|
||||||
InitializeListHead(&cntx->listHead);
|
InitializeListHead(&cntx->listHead);
|
||||||
KeInitializeSpinLock(&cntx->listLock);
|
ExInitializeFastMutex(&cntx->listLock);
|
||||||
cntx->guidCounter = 1;
|
cntx->guidCounter = 1;
|
||||||
cntx->type = Type;
|
cntx->type = Type;
|
||||||
|
|
||||||
@ -94,7 +94,7 @@ NTSTATUS AddExcludeListEntry(ExcludeContext Context, PUNICODE_STRING FilePath, U
|
|||||||
{
|
{
|
||||||
enum { MAX_PATH_SIZE = 1024 };
|
enum { MAX_PATH_SIZE = 1024 };
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
//KLOCK_QUEUE_HANDLE lockHandle;
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry, head;
|
PEXCLUDE_FILE_LIST_ENTRY entry, head;
|
||||||
UNICODE_STRING temp;
|
UNICODE_STRING temp;
|
||||||
SIZE_T size;
|
SIZE_T size;
|
||||||
@ -158,10 +158,10 @@ NTSTATUS AddExcludeListEntry(ExcludeContext Context, PUNICODE_STRING FilePath, U
|
|||||||
head = (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead;
|
head = (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&cntx->listLock, &lockHandle);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
entry->guid = cntx->guidCounter++;
|
entry->guid = cntx->guidCounter++;
|
||||||
InsertTailList((PLIST_ENTRY)head, (PLIST_ENTRY)entry);
|
InsertTailList((PLIST_ENTRY)head, (PLIST_ENTRY)entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
*EntryId = entry->guid;
|
*EntryId = entry->guid;
|
||||||
|
|
||||||
@ -172,10 +172,10 @@ NTSTATUS RemoveExcludeListEntry(ExcludeContext Context, ExcludeEntryId EntryId)
|
|||||||
{
|
{
|
||||||
NTSTATUS status = STATUS_NOT_FOUND;
|
NTSTATUS status = STATUS_NOT_FOUND;
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
//KLOCK_QUEUE_HANDLE lockHandle;
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&cntx->listLock, &lockHandle);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
||||||
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
||||||
@ -191,7 +191,7 @@ NTSTATUS RemoveExcludeListEntry(ExcludeContext Context, ExcludeEntryId EntryId)
|
|||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
@ -199,10 +199,10 @@ NTSTATUS RemoveExcludeListEntry(ExcludeContext Context, ExcludeEntryId EntryId)
|
|||||||
NTSTATUS RemoveAllExcludeListEntries(ExcludeContext Context)
|
NTSTATUS RemoveAllExcludeListEntries(ExcludeContext Context)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
//KLOCK_QUEUE_HANDLE lockHandle;
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&cntx->listLock, &lockHandle);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
||||||
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
||||||
@ -213,7 +213,7 @@ NTSTATUS RemoveAllExcludeListEntries(ExcludeContext Context)
|
|||||||
ExFreePoolWithTag(remove, EXCLUDE_ALLOC_TAG);
|
ExFreePoolWithTag(remove, EXCLUDE_ALLOC_TAG);
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
@ -221,11 +221,11 @@ NTSTATUS RemoveAllExcludeListEntries(ExcludeContext Context)
|
|||||||
BOOLEAN CheckExcludeListFile(ExcludeContext Context, PCUNICODE_STRING Path)
|
BOOLEAN CheckExcludeListFile(ExcludeContext Context, PCUNICODE_STRING Path)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
//KLOCK_QUEUE_HANDLE lockHandle;
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&cntx->listLock, &lockHandle);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
||||||
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
||||||
@ -239,7 +239,7 @@ BOOLEAN CheckExcludeListFile(ExcludeContext Context, PCUNICODE_STRING Path)
|
|||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@ -247,7 +247,7 @@ BOOLEAN CheckExcludeListFile(ExcludeContext Context, PCUNICODE_STRING Path)
|
|||||||
BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
//KLOCK_QUEUE_HANDLE lockHandle;
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
UNICODE_STRING Directory, dir;
|
UNICODE_STRING Directory, dir;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
@ -256,7 +256,7 @@ BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
|||||||
if (Directory.Length > 0 && Directory.Buffer[Directory.Length / sizeof(WCHAR) - 1] == L'\\')
|
if (Directory.Length > 0 && Directory.Buffer[Directory.Length / sizeof(WCHAR) - 1] == L'\\')
|
||||||
Directory.Length -= sizeof(WCHAR);
|
Directory.Length -= sizeof(WCHAR);
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&cntx->listLock, &lockHandle);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
||||||
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
||||||
@ -285,7 +285,7 @@ BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
|||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@ -293,7 +293,7 @@ BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
|||||||
BOOLEAN CheckExcludeListDirFile(ExcludeContext Context, PCUNICODE_STRING Dir, PCUNICODE_STRING File)
|
BOOLEAN CheckExcludeListDirFile(ExcludeContext Context, PCUNICODE_STRING Dir, PCUNICODE_STRING File)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
//KLOCK_QUEUE_HANDLE lockHandle;
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
UNICODE_STRING Directory;
|
UNICODE_STRING Directory;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
@ -303,7 +303,7 @@ BOOLEAN CheckExcludeListDirFile(ExcludeContext Context, PCUNICODE_STRING Dir, PC
|
|||||||
if (Directory.Length > 0 && Directory.Buffer[Directory.Length / sizeof(WCHAR) - 1] == L'\\')
|
if (Directory.Length > 0 && Directory.Buffer[Directory.Length / sizeof(WCHAR) - 1] == L'\\')
|
||||||
Directory.Length -= sizeof(WCHAR);
|
Directory.Length -= sizeof(WCHAR);
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&cntx->listLock, &lockHandle);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
||||||
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
||||||
@ -318,7 +318,7 @@ BOOLEAN CheckExcludeListDirFile(ExcludeContext Context, PCUNICODE_STRING Dir, PC
|
|||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@ -331,7 +331,7 @@ BOOLEAN CheckExcludeListRegKey(ExcludeContext Context, PUNICODE_STRING Key)
|
|||||||
BOOLEAN CheckExcludeListRegKeyValueName(ExcludeContext Context, PUNICODE_STRING Key, PUNICODE_STRING Name, PUINT32 Increament)
|
BOOLEAN CheckExcludeListRegKeyValueName(ExcludeContext Context, PUNICODE_STRING Key, PUNICODE_STRING Name, PUINT32 Increament)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
//KLOCK_QUEUE_HANDLE lockHandle;
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
UNICODE_STRING Directory;
|
UNICODE_STRING Directory;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
@ -342,7 +342,7 @@ BOOLEAN CheckExcludeListRegKeyValueName(ExcludeContext Context, PUNICODE_STRING
|
|||||||
if (Directory.Length > 0 && Directory.Buffer[Directory.Length / sizeof(WCHAR)-1] == L'\\')
|
if (Directory.Length > 0 && Directory.Buffer[Directory.Length / sizeof(WCHAR)-1] == L'\\')
|
||||||
Directory.Length -= sizeof(WCHAR);
|
Directory.Length -= sizeof(WCHAR);
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&cntx->listLock, &lockHandle);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)cntx->listHead.Flink;
|
||||||
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
while (entry != (PEXCLUDE_FILE_LIST_ENTRY)&cntx->listHead)
|
||||||
@ -371,7 +371,7 @@ BOOLEAN CheckExcludeListRegKeyValueName(ExcludeContext Context, PUNICODE_STRING
|
|||||||
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
entry = (PEXCLUDE_FILE_LIST_ENTRY)entry->list.Flink;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&cntx->listLock);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
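Review bot: Replacing the queued spin lock with `FAST_MUTEX` changes the IRQL contract of every function in this file, and nothing in the new code states or checks it: `ExAcquireFastMutex` may only be called at IRQL <= APC_LEVEL and keeps the caller at APC_LEVEL until release, whereas the old lock was usable up to DISPATCH_LEVEL. I would put `NT_ASSERT(KeGetCurrentIrql() <= APC_LEVEL);` ahead of each `ExAcquireFastMutex(&cntx->listLock);` (AddExcludeListEntry, RemoveExcludeListEntry, RemoveAllExcludeListEntries and the four CheckExcludeList* functions shown) and document the field in `_EXCLUDE_FILE_CONTEXT` with `// guards listHead and guidCounter; callers must be at IRQL <= APC_LEVEL`. The callers are outside these hunks, so whether any of them can arrive at DISPATCH_LEVEL still needs to be confirmed. The `//KLOCK_QUEUE_HANDLE lockHandle;` lines left in each function should be deleted rather than commented out.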
|
@ -184,7 +184,10 @@ VOID CheckProcessFlags(PProcessTableEntry Entry, PCUNICODE_STRING ImgPath, HANDL
|
|||||||
RtlZeroMemory(&lookup, sizeof(lookup));
|
RtlZeroMemory(&lookup, sizeof(lookup));
|
||||||
|
|
||||||
Entry->inited = (!g_psMonitorInited ? TRUE : FALSE);
|
Entry->inited = (!g_psMonitorInited ? TRUE : FALSE);
|
||||||
Entry->subsystem = RtlEqualUnicodeString(&g_csrssPath, ImgPath, TRUE);
|
//if (Entry->processId == (HANDLE)4)
|
||||||
|
// Entry->subsystem = TRUE;
|
||||||
|
//else
|
||||||
|
Entry->subsystem = RtlEqualUnicodeString(&g_csrssPath, ImgPath, TRUE);
|
||||||
|
|
||||||
// Check exclude flag
|
// Check exclude flag
|
||||||
|
|
||||||
@ -337,7 +340,8 @@ BOOLEAN IsProcessExcluded(HANDLE ProcessId)
|
|||||||
if (!result)
|
if (!result)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
return entry.excluded;
|
//return ((entry.excluded || entry.subsystem) ? TRUE : FALSE);
|
||||||
|
return ((entry.excluded || ProcessId == (HANDLE)4) ? TRUE : FALSE);
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOLEAN IsProcessProtected(HANDLE ProcessId)
|
BOOLEAN IsProcessProtected(HANDLE ProcessId)
|
||||||
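Review bot: The System-process case added to the return of IsProcessExcluded is reached only when the preceding `if (!result) return FALSE;` does not fire, so if `result` is the process-table lookup (its assignment is above the hunk) PID 4 is reported as not excluded whenever it has no table entry. If the exemption is meant to be unconditional, the comparison belongs before the lookup. Either way the literal `(HANDLE)4` should be a named constant with a comment saying why the System process is exempt, e.g. `#define SYSTEM_PROCESS_ID ((HANDLE)4)`. The commented-out alternatives here and in CheckProcessFlags (`//if (Entry->processId == (HANDLE)4)` and the old `//return ((entry.excluded || entry.subsystem) ? TRUE : FALSE);`) should be removed, since they leave two contradictory designs in the file.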
|
@ -5,13 +5,6 @@
|
|||||||
; Enable driver if it's disabled
|
; Enable driver if it's disabled
|
||||||
/state on
|
/state on
|
||||||
|
|
||||||
; Cleanup configs
|
|
||||||
|
|
||||||
/unhide file all
|
|
||||||
/unhide dir all
|
|
||||||
/unhide regval all
|
|
||||||
/unhide regkey all
|
|
||||||
|
|
||||||
; Following config used for hidding VMWare components
|
; Following config used for hidding VMWare components
|
||||||
|
|
||||||
/hide dir "c:\Program Files\VMware"
|
/hide dir "c:\Program Files\VMware"
|
||||||
@ -28,22 +21,26 @@
|
|||||||
/hide regval "HKLM\Hardware\Description\System\BIOS\SystemManufacturer"
|
/hide regval "HKLM\Hardware\Description\System\BIOS\SystemManufacturer"
|
||||||
/hide regval "HKLM\Hardware\Description\System\BIOS\SystemProductName"
|
/hide regval "HKLM\Hardware\Description\System\BIOS\SystemProductName"
|
||||||
|
|
||||||
/ignore image inherit:none apply:forall "C:\Windows\System32\services.exe"
|
/ignore image inherit:none "C:\Windows\System32\services.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Windows\System32\csrss.exe"
|
/ignore image inherit:none "C:\Windows\System32\csrss.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Windows\System32\vssvc.exe"
|
/ignore image inherit:none "C:\Windows\System32\vssvc.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Windows\System32\spoolsv.exe"
|
/ignore image inherit:none "C:\Windows\System32\spoolsv.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\rpctool.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\rpctool.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\rvmSetup.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\rvmSetup.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\TPVCGateway.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\TPVCGateway.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\VMwareHgfsClient.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\VMwareHgfsClient.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\VMwareHostOpen.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\VMwareHostOpen.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\VMwareXferlogs.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\VMwareXferlogs.exe"
|
||||||
/ignore image inherit:none apply:forall "C:\Program Files\VMware\VMware Tools\zip.exe"
|
/ignore image inherit:none "C:\Program Files\VMware\VMware Tools\zip.exe"
|
||||||
|
|
||||||
|
/protect image inherit:none "C:\Windows\System32\services.exe"
|
||||||
|
/protect image inherit:none "C:\Windows\System32\csrss.exe"
|
||||||
|
/protect image inherit:none "C:\Windows\System32\lsass.exe"
|
||||||
|
|
||||||
; Isn't supported yet
|
; Isn't supported yet
|
||||||
; /stealth on "my_stealth_gate"
|
; /stealth on "my_stealth_gate"
|
||||||
|