Mirrors/hidden
6
0
Fork 0
mirror of https://github.com/JKornev/hidden synced 2024-06-25 00:18:04 +00:00
Code Issues Projects Releases Wiki Activity

Fixed compilation errors on x64 arch

Browse Source
This commit is contained in:
JKornev 2021-07-05 01:30:08 +03:00
parent d9f2e018ca
commit 7e1d00c2dd
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Hidden/Helper.h
View File

@ -79,7 +79,7 @@ VOID FreeInformation(PVOID Buffer);
NTSTATUS NormalizeDevicePath(PCUNICODE_STRING Path, PUNICODE_STRING Normalized);
#define _LogMsg(lvl, lvlname, frmt, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, lvl , "hidden!" __FUNCTION__ "[irql:%d,pid:%d][" lvlname "]: " frmt "\n", (ULONG)KeGetCurrentIrql(), (ULONG)PsGetCurrentProcessId(), __VA_ARGS__)
#define _LogMsg(lvl, lvlname, frmt, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, lvl , "hidden!" __FUNCTION__ "[irql:%d,pid:%tu][" lvlname "]: " frmt "\n", (ULONG)KeGetCurrentIrql(), (ULONG_PTR)PsGetCurrentProcessId(), __VA_ARGS__)
#define LogError(frmt, ...) _LogMsg(DPFLTR_ERROR_LEVEL, "error", frmt, __VA_ARGS__)
#define LogWarning(frmt, ...) _LogMsg(DPFLTR_WARNING_LEVEL, "warning", frmt, __VA_ARGS__)

16
Hidden/PsMonitor.c
View File

@ -129,11 +129,11 @@ OB_PREOP_CALLBACK_STATUS ProcessPreCallback(PVOID RegistrationContext, POB_PRE_O
if (!CheckProtectedOperation(PsGetCurrentProcessId(), PsGetProcessId(OperationInformation->Object)))
{
LogInfo("Allow protected process access from %d to %d", (ULONG)PsGetCurrentProcessId(), (ULONG)PsGetProcessId(OperationInformation->Object));
LogInfo("Allow protected process access from %tu to %tu", (ULONG_PTR)PsGetCurrentProcessId(), (ULONG_PTR)PsGetProcessId(OperationInformation->Object));
return OB_PREOP_SUCCESS;
}
LogTrace("Disallow protected process access from %d to %d", (ULONG)PsGetCurrentProcessId(), (ULONG)PsGetProcessId(OperationInformation->Object));
LogTrace("Disallow protected process access from %tu to %tu", (ULONG_PTR)PsGetCurrentProcessId(), (ULONG_PTR)PsGetProcessId(OperationInformation->Object));
if (OperationInformation->Operation == OB_OPERATION_HANDLE_CREATE)
OperationInformation->Parameters->CreateHandleInformation.DesiredAccess = (SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION);
@ -153,21 +153,21 @@ OB_PREOP_CALLBACK_STATUS ThreadPreCallback(PVOID RegistrationContext, POB_PRE_OP
if (OperationInformation->KernelHandle)
return OB_PREOP_SUCCESS;
LogInfo("Thread object operation, destPid:%d, destTid:%d, srcPid:%d, oper:%s, space:%s",
(ULONG)PsGetThreadProcessId(OperationInformation->Object),
(ULONG)PsGetThreadId(OperationInformation->Object),
(ULONG)PsGetCurrentProcessId(),
LogInfo("Thread object operation, destPid:%tu, destTid:%tu, srcPid:%tu, oper:%s, space:%s",
(ULONG_PTR)PsGetThreadProcessId(OperationInformation->Object),
(ULONG_PTR)PsGetThreadId(OperationInformation->Object),
(ULONG_PTR)PsGetCurrentProcessId(),
(OperationInformation->Operation == OB_OPERATION_HANDLE_CREATE ? "create" : "dup"),
(OperationInformation->KernelHandle ? "kernel" : "user")
);
if (!CheckProtectedOperation(PsGetCurrentProcessId(), PsGetThreadProcessId(OperationInformation->Object)))
{
LogInfo("Allow protected thread access from %d to %d", (ULONG)PsGetCurrentProcessId(), (ULONG)PsGetThreadProcessId(OperationInformation->Object));
LogInfo("Allow protected thread access from %tu to %tu", (ULONG_PTR)PsGetCurrentProcessId(), (ULONG_PTR)PsGetThreadProcessId(OperationInformation->Object));
return OB_PREOP_SUCCESS;
}
LogTrace("Disallow protected thread access from %d to %d", (ULONG)PsGetCurrentProcessId(), (ULONG)PsGetThreadProcessId(OperationInformation->Object));
LogTrace("Disallow protected thread access from %tu to %tu", (ULONG_PTR)PsGetCurrentProcessId(), (ULONG_PTR)PsGetThreadProcessId(OperationInformation->Object));
if (OperationInformation->Operation == OB_OPERATION_HANDLE_CREATE)
OperationInformation->Parameters->CreateHandleInformation.DesiredAccess = (SYNCHRONIZE | THREAD_QUERY_LIMITED_INFORMATION);