mirror of
https://github.com/JKornev/hidden
synced 2024-06-20 14:08:05 +00:00
40 lines
1.3 KiB
C
40 lines
1.3 KiB
C
#pragma once
|
|
|
|
#include <Ntddk.h>
|
|
#include "Helper.h"
|
|
|
|
typedef struct _ProcessTableEntry {
|
|
HANDLE processId;
|
|
|
|
BOOLEAN excluded;
|
|
ULONG inheritExclusion;
|
|
|
|
BOOLEAN protected;
|
|
ULONG inheritProtection;
|
|
|
|
BOOLEAN hidden;
|
|
BOOLEAN postponeHiding;
|
|
ULONG inheritStealth;
|
|
PEPROCESS reference;
|
|
HANDLE_TABLE_ENTRY cidEntryBackup;
|
|
PHANDLE_TABLE_ENTRY cidEntry;
|
|
|
|
BOOLEAN subsystem;
|
|
BOOLEAN inited;
|
|
|
|
} ProcessTableEntry, *PProcessTableEntry;
|
|
|
|
NTSTATUS InitializeProcessTable(VOID(*InitProcessEntryCallback)(PProcessTableEntry, PCUNICODE_STRING, HANDLE));
|
|
VOID ClearProcessTable(VOID(*CleanupCallback)(PProcessTableEntry));
|
|
VOID EnumProcessTable(VOID(*EnumCallback)(PProcessTableEntry));
|
|
|
|
// Important notice:
|
|
// Keep in mind that internal sync mechanisms removed from functions below (including DestroyProcessTable)
|
|
// because in some situations we need to perform two operation under one lock, for instance we should
|
|
// perform GetProcessInProcessTable and UpdateProcessInProcessTable under one lock. So in this case all
|
|
// functions, excluding InitializeProcessTable, should be synced manualy from external code
|
|
|
|
BOOLEAN AddProcessToProcessTable(PProcessTableEntry entry);
|
|
BOOLEAN RemoveProcessFromProcessTable(HANDLE ProcessId);
|
|
PProcessTableEntry GetProcessInProcessTable(HANDLE ProcessId);
|