Mirrors/hidden
6
0
Fork 0
mirror of https://github.com/JKornev/hidden synced 2024-06-20 14:08:05 +00:00
Code Issues Projects Releases Wiki Activity
master
hidden/Hidden/PsMonitor.h
JKornev 9d3db08314 Implemented /unhide support for processes
2021-07-29 03:27:09 +03:00

33 lines
1.4 KiB
C
Raw Permalink Blame History

#pragma once
#include <Ntddk.h>
typedef struct _ProcessId {
HANDLE id;
LARGE_INTEGER creationTime;
} ProcessId, *PProcessId;
NTSTATUS InitializePsMonitor(PDRIVER_OBJECT DriverObject);
NTSTATUS DestroyPsMonitor();
BOOLEAN IsProcessExcluded(HANDLE ProcessId);
BOOLEAN IsProcessProtected(HANDLE ProcessId);
NTSTATUS AddProtectedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
NTSTATUS GetProtectedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
NTSTATUS SetProtectedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
NTSTATUS RemoveProtectedImage(ULONGLONG ObjId);
NTSTATUS RemoveAllProtectedImages();
NTSTATUS AddExcludedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
NTSTATUS GetExcludedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
NTSTATUS SetExcludedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
NTSTATUS RemoveExcludedImage(ULONGLONG ObjId);
NTSTATUS RemoveAllExcludedImages();
NTSTATUS AddHiddenImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
NTSTATUS GetHiddenProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
NTSTATUS SetHiddenProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
NTSTATUS RemoveHiddenImage(ULONGLONG ObjId);
NTSTATUS RemoveAllHiddenImages();
NTSTATUS RemoveAllHiddenProcesses();
Reference in New Issue View Git Blame Copy Permalink