mirror of
https://github.com/JKornev/hidden
synced 2024-06-28 09:52:05 +00:00
Fix for possible IRQL violations
This commit is contained in:
parent
67355c72c4
commit
fbae5ffa57
@ -94,7 +94,6 @@ NTSTATUS AddExcludeListEntry(ExcludeContext Context, PUNICODE_STRING FilePath, U
|
|||||||
{
|
{
|
||||||
enum { MAX_PATH_SIZE = 1024 };
|
enum { MAX_PATH_SIZE = 1024 };
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
//KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry, head;
|
PEXCLUDE_FILE_LIST_ENTRY entry, head;
|
||||||
UNICODE_STRING temp;
|
UNICODE_STRING temp;
|
||||||
SIZE_T size;
|
SIZE_T size;
|
||||||
@ -172,7 +171,6 @@ NTSTATUS RemoveExcludeListEntry(ExcludeContext Context, ExcludeEntryId EntryId)
|
|||||||
{
|
{
|
||||||
NTSTATUS status = STATUS_NOT_FOUND;
|
NTSTATUS status = STATUS_NOT_FOUND;
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
//KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
|
|
||||||
ExAcquireFastMutex(&cntx->listLock);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
@ -199,7 +197,6 @@ NTSTATUS RemoveExcludeListEntry(ExcludeContext Context, ExcludeEntryId EntryId)
|
|||||||
NTSTATUS RemoveAllExcludeListEntries(ExcludeContext Context)
|
NTSTATUS RemoveAllExcludeListEntries(ExcludeContext Context)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
//KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
|
|
||||||
ExAcquireFastMutex(&cntx->listLock);
|
ExAcquireFastMutex(&cntx->listLock);
|
||||||
@ -221,7 +218,6 @@ NTSTATUS RemoveAllExcludeListEntries(ExcludeContext Context)
|
|||||||
BOOLEAN CheckExcludeListFile(ExcludeContext Context, PCUNICODE_STRING Path)
|
BOOLEAN CheckExcludeListFile(ExcludeContext Context, PCUNICODE_STRING Path)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
//KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
|
|
||||||
@ -247,7 +243,6 @@ BOOLEAN CheckExcludeListFile(ExcludeContext Context, PCUNICODE_STRING Path)
|
|||||||
BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
//KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
UNICODE_STRING Directory, dir;
|
UNICODE_STRING Directory, dir;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
@ -293,7 +288,6 @@ BOOLEAN CheckExcludeListDirectory(ExcludeContext Context, PCUNICODE_STRING Path)
|
|||||||
BOOLEAN CheckExcludeListDirFile(ExcludeContext Context, PCUNICODE_STRING Dir, PCUNICODE_STRING File)
|
BOOLEAN CheckExcludeListDirFile(ExcludeContext Context, PCUNICODE_STRING Dir, PCUNICODE_STRING File)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
//KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
UNICODE_STRING Directory;
|
UNICODE_STRING Directory;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
@ -331,7 +325,6 @@ BOOLEAN CheckExcludeListRegKey(ExcludeContext Context, PUNICODE_STRING Key)
|
|||||||
BOOLEAN CheckExcludeListRegKeyValueName(ExcludeContext Context, PUNICODE_STRING Key, PUNICODE_STRING Name, PUINT32 Increament)
|
BOOLEAN CheckExcludeListRegKeyValueName(ExcludeContext Context, PUNICODE_STRING Key, PUNICODE_STRING Name, PUINT32 Increament)
|
||||||
{
|
{
|
||||||
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
PEXCLUDE_FILE_CONTEXT cntx = (PEXCLUDE_FILE_CONTEXT)Context;
|
||||||
//KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PEXCLUDE_FILE_LIST_ENTRY entry;
|
PEXCLUDE_FILE_LIST_ENTRY entry;
|
||||||
UNICODE_STRING Directory;
|
UNICODE_STRING Directory;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
|
@ -18,7 +18,7 @@ OB_CALLBACK_REGISTRATION g_regCallback;
|
|||||||
PsRulesContext g_excludeProcessRules;
|
PsRulesContext g_excludeProcessRules;
|
||||||
PsRulesContext g_protectProcessRules;
|
PsRulesContext g_protectProcessRules;
|
||||||
|
|
||||||
KSPIN_LOCK g_processTableLock;
|
FAST_MUTEX g_processTableLock;
|
||||||
|
|
||||||
typedef struct _ProcessListEntry {
|
typedef struct _ProcessListEntry {
|
||||||
LPCWSTR path;
|
LPCWSTR path;
|
||||||
@ -47,7 +47,6 @@ WCHAR g_csrssPathBuffer[CSRSS_PAHT_BUFFER_SIZE];
|
|||||||
BOOLEAN CheckProtectedOperation(HANDLE Source, HANDLE Destination)
|
BOOLEAN CheckProtectedOperation(HANDLE Source, HANDLE Destination)
|
||||||
{
|
{
|
||||||
ProcessTableEntry srcInfo, destInfo;
|
ProcessTableEntry srcInfo, destInfo;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
if (Source == Destination)
|
if (Source == Destination)
|
||||||
@ -55,9 +54,9 @@ BOOLEAN CheckProtectedOperation(HANDLE Source, HANDLE Destination)
|
|||||||
|
|
||||||
srcInfo.processId = Source;
|
srcInfo.processId = Source;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&srcInfo);
|
result = GetProcessInProcessTable(&srcInfo);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
@ -67,11 +66,11 @@ BOOLEAN CheckProtectedOperation(HANDLE Source, HANDLE Destination)
|
|||||||
// Spinlock is locked once for both Get\Update process table functions
|
// Spinlock is locked once for both Get\Update process table functions
|
||||||
// because we want to prevent situations when another thread can change
|
// because we want to prevent situations when another thread can change
|
||||||
// any state of process beetwen get and update functions on this place
|
// any state of process beetwen get and update functions on this place
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!GetProcessInProcessTable(&destInfo))
|
if (!GetProcessInProcessTable(&destInfo))
|
||||||
{
|
{
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -88,7 +87,7 @@ BOOLEAN CheckProtectedOperation(HANDLE Source, HANDLE Destination)
|
|||||||
result = FALSE;
|
result = FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
DbgPrint("FsFilter1!" __FUNCTION__ ": can't update initial state for process: %d\n", destInfo.processId);
|
DbgPrint("FsFilter1!" __FUNCTION__ ": can't update initial state for process: %d\n", destInfo.processId);
|
||||||
@ -96,7 +95,7 @@ BOOLEAN CheckProtectedOperation(HANDLE Source, HANDLE Destination)
|
|||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!destInfo.protected)
|
if (!destInfo.protected)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
@ -178,7 +177,6 @@ VOID CheckProcessFlags(PProcessTableEntry Entry, PCUNICODE_STRING ImgPath, HANDL
|
|||||||
{
|
{
|
||||||
ProcessTableEntry lookup;
|
ProcessTableEntry lookup;
|
||||||
ULONG inheritType;
|
ULONG inheritType;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
RtlZeroMemory(&lookup, sizeof(lookup));
|
RtlZeroMemory(&lookup, sizeof(lookup));
|
||||||
@ -203,9 +201,9 @@ VOID CheckProcessFlags(PProcessTableEntry Entry, PCUNICODE_STRING ImgPath, HANDL
|
|||||||
{
|
{
|
||||||
lookup.processId = ParentId;
|
lookup.processId = ParentId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&lookup);
|
result = GetProcessInProcessTable(&lookup);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (result)
|
if (result)
|
||||||
{
|
{
|
||||||
@ -236,9 +234,9 @@ VOID CheckProcessFlags(PProcessTableEntry Entry, PCUNICODE_STRING ImgPath, HANDL
|
|||||||
{
|
{
|
||||||
lookup.processId = ParentId;
|
lookup.processId = ParentId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&lookup);
|
result = GetProcessInProcessTable(&lookup);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (result)
|
if (result)
|
||||||
{
|
{
|
||||||
@ -259,7 +257,6 @@ VOID CheckProcessFlags(PProcessTableEntry Entry, PCUNICODE_STRING ImgPath, HANDL
|
|||||||
VOID CreateProcessNotifyCallback(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE_NOTIFY_INFO CreateInfo)
|
VOID CreateProcessNotifyCallback(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE_NOTIFY_INFO CreateInfo)
|
||||||
{
|
{
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
UNREFERENCED_PARAMETER(Process);
|
UNREFERENCED_PARAMETER(Process);
|
||||||
@ -304,9 +301,9 @@ VOID CreateProcessNotifyCallback(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE
|
|||||||
if (entry.protected)
|
if (entry.protected)
|
||||||
DbgPrint("FsFilter1!" __FUNCTION__ ": protected process:%d\n", ProcessId);
|
DbgPrint("FsFilter1!" __FUNCTION__ ": protected process:%d\n", ProcessId);
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = AddProcessToProcessTable(&entry);
|
result = AddProcessToProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
DbgPrint("FsFilter1!" __FUNCTION__ ": can't add process(pid:%d) to process table\n", ProcessId);
|
DbgPrint("FsFilter1!" __FUNCTION__ ": can't add process(pid:%d) to process table\n", ProcessId);
|
||||||
@ -315,9 +312,9 @@ VOID CreateProcessNotifyCallback(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = RemoveProcessFromProcessTable(&entry);
|
result = RemoveProcessFromProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
DbgPrint("FsFilter1!" __FUNCTION__ ": can't remove process(pid:%d) from process table\n", ProcessId);
|
DbgPrint("FsFilter1!" __FUNCTION__ ": can't remove process(pid:%d) from process table\n", ProcessId);
|
||||||
@ -328,14 +325,13 @@ VOID CreateProcessNotifyCallback(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE
|
|||||||
BOOLEAN IsProcessExcluded(HANDLE ProcessId)
|
BOOLEAN IsProcessExcluded(HANDLE ProcessId)
|
||||||
{
|
{
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
entry.processId = ProcessId;
|
entry.processId = ProcessId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&entry);
|
result = GetProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
@ -347,14 +343,13 @@ BOOLEAN IsProcessExcluded(HANDLE ProcessId)
|
|||||||
BOOLEAN IsProcessProtected(HANDLE ProcessId)
|
BOOLEAN IsProcessProtected(HANDLE ProcessId)
|
||||||
{
|
{
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
entry.processId = ProcessId;
|
entry.processId = ProcessId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&entry);
|
result = GetProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
@ -535,7 +530,7 @@ NTSTATUS InitializePsMonitor(PDRIVER_OBJECT DriverObject)
|
|||||||
|
|
||||||
// Process table
|
// Process table
|
||||||
|
|
||||||
KeInitializeSpinLock(&g_processTableLock);
|
ExInitializeFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
status = InitializeProcessTable(CheckProcessFlags);
|
status = InitializeProcessTable(CheckProcessFlags);
|
||||||
if (!NT_SUCCESS(status))
|
if (!NT_SUCCESS(status))
|
||||||
@ -591,8 +586,6 @@ NTSTATUS InitializePsMonitor(PDRIVER_OBJECT DriverObject)
|
|||||||
|
|
||||||
NTSTATUS DestroyPsMonitor()
|
NTSTATUS DestroyPsMonitor()
|
||||||
{
|
{
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
|
|
||||||
if (!g_psMonitorInited)
|
if (!g_psMonitorInited)
|
||||||
return STATUS_ALREADY_DISCONNECTED;
|
return STATUS_ALREADY_DISCONNECTED;
|
||||||
|
|
||||||
@ -607,9 +600,9 @@ NTSTATUS DestroyPsMonitor()
|
|||||||
DestroyPsRuleListContext(g_excludeProcessRules);
|
DestroyPsRuleListContext(g_excludeProcessRules);
|
||||||
DestroyPsRuleListContext(g_protectProcessRules);
|
DestroyPsRuleListContext(g_protectProcessRules);
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
DestroyProcessTable();
|
DestroyProcessTable();
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
g_psMonitorInited = FALSE;
|
g_psMonitorInited = FALSE;
|
||||||
|
|
||||||
@ -638,7 +631,6 @@ NTSTATUS SetStateForProcessesByImage(PCUNICODE_STRING ImagePath, BOOLEAN Exclude
|
|||||||
OBJECT_ATTRIBUTES attribs;
|
OBJECT_ATTRIBUTES attribs;
|
||||||
PUNICODE_STRING procName;
|
PUNICODE_STRING procName;
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
|
|
||||||
processInfo = (PSYSTEM_PROCESS_INFORMATION)((SIZE_T)processInfo + offset);
|
processInfo = (PSYSTEM_PROCESS_INFORMATION)((SIZE_T)processInfo + offset);
|
||||||
|
|
||||||
@ -678,7 +670,7 @@ NTSTATUS SetStateForProcessesByImage(PCUNICODE_STRING ImagePath, BOOLEAN Exclude
|
|||||||
// Spinlock is locked once for both Get\Update process table functions
|
// Spinlock is locked once for both Get\Update process table functions
|
||||||
// because we want to prevent situations when another thread can change
|
// because we want to prevent situations when another thread can change
|
||||||
// any state of process beetwen get and update functions on this place
|
// any state of process beetwen get and update functions on this place
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (GetProcessInProcessTable(&entry))
|
if (GetProcessInProcessTable(&entry))
|
||||||
{
|
{
|
||||||
@ -698,7 +690,7 @@ NTSTATUS SetStateForProcessesByImage(PCUNICODE_STRING ImagePath, BOOLEAN Exclude
|
|||||||
result = FALSE;
|
result = FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
DbgPrint("FsFilter1!" __FUNCTION__ ": can't update process %d\n", processInfo->ProcessId);
|
DbgPrint("FsFilter1!" __FUNCTION__ ": can't update process %d\n", processInfo->ProcessId);
|
||||||
@ -750,14 +742,13 @@ NTSTATUS AddProtectedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN
|
|||||||
NTSTATUS GetProtectedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable)
|
NTSTATUS GetProtectedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable)
|
||||||
{
|
{
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
entry.processId = ProcessId;
|
entry.processId = ProcessId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&entry);
|
result = GetProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return STATUS_NOT_FOUND;
|
return STATUS_NOT_FOUND;
|
||||||
@ -772,14 +763,13 @@ NTSTATUS SetProtectedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN E
|
|||||||
{
|
{
|
||||||
NTSTATUS status = STATUS_SUCCESS;
|
NTSTATUS status = STATUS_SUCCESS;
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
entry.processId = ProcessId;
|
entry.processId = ProcessId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&entry);
|
result = GetProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return STATUS_NOT_FOUND;
|
return STATUS_NOT_FOUND;
|
||||||
@ -794,9 +784,9 @@ NTSTATUS SetProtectedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN E
|
|||||||
entry.protected = FALSE;
|
entry.protected = FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = UpdateProcessInProcessTable(&entry);
|
result = UpdateProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return STATUS_NOT_FOUND;
|
return STATUS_NOT_FOUND;
|
||||||
@ -852,14 +842,13 @@ NTSTATUS AddExcludedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN
|
|||||||
NTSTATUS GetExcludedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable)
|
NTSTATUS GetExcludedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable)
|
||||||
{
|
{
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
entry.processId = ProcessId;
|
entry.processId = ProcessId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&entry);
|
result = GetProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return STATUS_NOT_FOUND;
|
return STATUS_NOT_FOUND;
|
||||||
@ -874,14 +863,13 @@ NTSTATUS SetExcludedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN En
|
|||||||
{
|
{
|
||||||
NTSTATUS status = STATUS_SUCCESS;
|
NTSTATUS status = STATUS_SUCCESS;
|
||||||
ProcessTableEntry entry;
|
ProcessTableEntry entry;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
BOOLEAN result;
|
BOOLEAN result;
|
||||||
|
|
||||||
entry.processId = ProcessId;
|
entry.processId = ProcessId;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = GetProcessInProcessTable(&entry);
|
result = GetProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return STATUS_NOT_FOUND;
|
return STATUS_NOT_FOUND;
|
||||||
@ -896,9 +884,9 @@ NTSTATUS SetExcludedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN En
|
|||||||
entry.excluded = FALSE;
|
entry.excluded = FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&g_processTableLock, &lockHandle);
|
ExAcquireFastMutex(&g_processTableLock);
|
||||||
result = UpdateProcessInProcessTable(&entry);
|
result = UpdateProcessInProcessTable(&entry);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&g_processTableLock);
|
||||||
|
|
||||||
if (!result)
|
if (!result)
|
||||||
return STATUS_NOT_FOUND;
|
return STATUS_NOT_FOUND;
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
typedef struct _PsRulesInternalContext {
|
typedef struct _PsRulesInternalContext {
|
||||||
RTL_AVL_TABLE table;
|
RTL_AVL_TABLE table;
|
||||||
ULONGLONG idCounter;
|
ULONGLONG idCounter;
|
||||||
KSPIN_LOCK tableLock;
|
FAST_MUTEX tableLock;
|
||||||
} PsRulesInternalContext, *PPsRulesInternalContext;
|
} PsRulesInternalContext, *PPsRulesInternalContext;
|
||||||
|
|
||||||
RTL_GENERIC_COMPARE_RESULTS ComparePsRuleEntry(struct _RTL_AVL_TABLE *Table, PVOID FirstStruct, PVOID SecondStruct)
|
RTL_GENERIC_COMPARE_RESULTS ComparePsRuleEntry(struct _RTL_AVL_TABLE *Table, PVOID FirstStruct, PVOID SecondStruct)
|
||||||
@ -52,7 +52,7 @@ NTSTATUS InitializePsRuleListContext(PPsRulesContext pRuleContext)
|
|||||||
}
|
}
|
||||||
|
|
||||||
context->idCounter = 1;
|
context->idCounter = 1;
|
||||||
KeInitializeSpinLock(&context->tableLock);
|
ExInitializeFastMutex(&context->tableLock);
|
||||||
RtlInitializeGenericTableAvl(&context->table, ComparePsRuleEntry, AllocatePsRuleEntry, FreePsRuleEntry, NULL);
|
RtlInitializeGenericTableAvl(&context->table, ComparePsRuleEntry, AllocatePsRuleEntry, FreePsRuleEntry, NULL);
|
||||||
|
|
||||||
*pRuleContext = context;
|
*pRuleContext = context;
|
||||||
@ -68,7 +68,6 @@ VOID DestroyPsRuleListContext(PsRulesContext RuleContext)
|
|||||||
NTSTATUS AddRuleToPsRuleList(PsRulesContext RuleContext, PUNICODE_STRING ImgPath, ULONG InheritType, PPsRuleEntryId EntryId)
|
NTSTATUS AddRuleToPsRuleList(PsRulesContext RuleContext, PUNICODE_STRING ImgPath, ULONG InheritType, PPsRuleEntryId EntryId)
|
||||||
{
|
{
|
||||||
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
NTSTATUS status = STATUS_SUCCESS;
|
NTSTATUS status = STATUS_SUCCESS;
|
||||||
ULONGLONG guid;
|
ULONGLONG guid;
|
||||||
PPsRuleEntry entry;
|
PPsRuleEntry entry;
|
||||||
@ -97,11 +96,11 @@ NTSTATUS AddRuleToPsRuleList(PsRulesContext RuleContext, PUNICODE_STRING ImgPath
|
|||||||
entry->imagePath.MaximumLength = ImgPath->Length;
|
entry->imagePath.MaximumLength = ImgPath->Length;
|
||||||
RtlCopyUnicodeString(&entry->imagePath, ImgPath);
|
RtlCopyUnicodeString(&entry->imagePath, ImgPath);
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&context->tableLock, &lockHandle);
|
ExAcquireFastMutex(&context->tableLock);
|
||||||
guid = context->idCounter++;
|
guid = context->idCounter++;
|
||||||
entry->guid = guid;
|
entry->guid = guid;
|
||||||
buf = RtlInsertElementGenericTableAvl(&context->table, entry, entryLen, &newElem);
|
buf = RtlInsertElementGenericTableAvl(&context->table, entry, entryLen, &newElem);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&context->tableLock);
|
||||||
|
|
||||||
if (!buf)
|
if (!buf)
|
||||||
{
|
{
|
||||||
@ -123,11 +122,10 @@ NTSTATUS RemoveRuleFromPsRuleList(PsRulesContext RuleContext, PsRuleEntryId Entr
|
|||||||
{
|
{
|
||||||
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
||||||
NTSTATUS status = STATUS_NOT_FOUND;
|
NTSTATUS status = STATUS_NOT_FOUND;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PPsRuleEntry entry;
|
PPsRuleEntry entry;
|
||||||
PVOID restartKey = NULL;
|
PVOID restartKey = NULL;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&context->tableLock, &lockHandle);
|
ExAcquireFastMutex(&context->tableLock);
|
||||||
|
|
||||||
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
||||||
entry != NULL;
|
entry != NULL;
|
||||||
@ -143,7 +141,7 @@ NTSTATUS RemoveRuleFromPsRuleList(PsRulesContext RuleContext, PsRuleEntryId Entr
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&context->tableLock);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
@ -152,11 +150,10 @@ NTSTATUS RemoveAllRulesFromPsRuleList(PsRulesContext RuleContext)
|
|||||||
{
|
{
|
||||||
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
||||||
NTSTATUS status = STATUS_SUCCESS;
|
NTSTATUS status = STATUS_SUCCESS;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PPsRuleEntry entry;
|
PPsRuleEntry entry;
|
||||||
PVOID restartKey = NULL;
|
PVOID restartKey = NULL;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&context->tableLock, &lockHandle);
|
ExAcquireFastMutex(&context->tableLock);
|
||||||
|
|
||||||
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
||||||
entry != NULL;
|
entry != NULL;
|
||||||
@ -168,7 +165,7 @@ NTSTATUS RemoveAllRulesFromPsRuleList(PsRulesContext RuleContext)
|
|||||||
restartKey = NULL; // reset enum
|
restartKey = NULL; // reset enum
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&context->tableLock);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
@ -177,11 +174,10 @@ NTSTATUS CheckInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING ImgPath,
|
|||||||
{
|
{
|
||||||
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
||||||
NTSTATUS status = STATUS_NOT_FOUND;
|
NTSTATUS status = STATUS_NOT_FOUND;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PPsRuleEntry entry;
|
PPsRuleEntry entry;
|
||||||
PVOID restartKey = NULL;
|
PVOID restartKey = NULL;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&context->tableLock, &lockHandle);
|
ExAcquireFastMutex(&context->tableLock);
|
||||||
|
|
||||||
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
||||||
entry != NULL;
|
entry != NULL;
|
||||||
@ -203,7 +199,7 @@ NTSTATUS CheckInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING ImgPath,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&context->tableLock);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
@ -211,12 +207,11 @@ NTSTATUS CheckInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING ImgPath,
|
|||||||
BOOLEAN FindInheritanceInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING ImgPath, PULONG pInheritance)
|
BOOLEAN FindInheritanceInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING ImgPath, PULONG pInheritance)
|
||||||
{
|
{
|
||||||
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
PPsRulesInternalContext context = (PPsRulesInternalContext)RuleContext;
|
||||||
KLOCK_QUEUE_HANDLE lockHandle;
|
|
||||||
PPsRuleEntry entry;
|
PPsRuleEntry entry;
|
||||||
PVOID restartKey = NULL;
|
PVOID restartKey = NULL;
|
||||||
BOOLEAN result = FALSE;
|
BOOLEAN result = FALSE;
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&context->tableLock, &lockHandle);
|
ExAcquireFastMutex(&context->tableLock);
|
||||||
|
|
||||||
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
for (entry = RtlEnumerateGenericTableWithoutSplayingAvl(&context->table, &restartKey);
|
||||||
entry != NULL;
|
entry != NULL;
|
||||||
@ -230,7 +225,7 @@ BOOLEAN FindInheritanceInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
ExReleaseFastMutex(&context->tableLock);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user