Mirrors/hidden
6
0
Fork 0
mirror of https://github.com/JKornev/hidden synced 2024-06-16 12:08:05 +00:00
Code Issues Projects Releases Wiki Activity
master
hidden/Hidden/PsRules.h
JKornev 480b0ef15f Added protected & excluded process lists
2016-08-27 23:18:54 +03:00

35 lines
1.1 KiB
C
Raw Permalink Blame History

#pragma once
#include <Ntddk.h>
typedef PVOID PsRulesContext;
typedef PsRulesContext* PPsRulesContext;
typedef ULONGLONG PsRuleEntryId;
typedef PsRuleEntryId* PPsRuleEntryId;
enum PsRuleInheritTypes {
PsRuleTypeWithoutInherit = 0,
PsRuleTypeInherit,
PsRuleTypeInheritOnce,
PsRuleTypeMax
};
typedef struct _PsRuleEntry {
ULONGLONG guid;
UNICODE_STRING imagePath;
ULONG inheritType;
ULONG len;
} PsRuleEntry, *PPsRuleEntry;
NTSTATUS InitializePsRuleListContext(PPsRulesContext pRuleContext);
VOID DestroyPsRuleListContext(PsRulesContext RuleContext);
NTSTATUS AddRuleToPsRuleList(PsRulesContext RuleContext, PUNICODE_STRING ImgPath, ULONG InheritType, PPsRuleEntryId EntryId);
NTSTATUS RemoveRuleFromPsRuleList(PsRulesContext RuleContext, PsRuleEntryId EntryId);
NTSTATUS RemoveAllRulesFromPsRuleList(PsRulesContext RuleContext);
NTSTATUS CheckInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING ImgPath, PPsRuleEntry Rule, ULONG RuleSize, PULONG OutSize);
BOOLEAN FindInheritanceInPsRuleList(PsRulesContext RuleContext, PCUNICODE_STRING ImgPath, PULONG pInheritance);
Reference in New Issue View Git Blame Copy Permalink