Mirrors/hidden
6
0
Fork 0
mirror of https://github.com/JKornev/hidden synced 2024-06-28 18:02:15 +00:00
Code Issues Projects Releases Wiki Activity
3e5e5e8679
hidden/Hidden/PsMonitor.h
JKornev f65a2301c6 PS monitor internal API implementation
2016-08-30 22:40:25 +03:00

27 lines
1.0 KiB
C
Raw Blame History

#pragma once
#include <Ntddk.h>
typedef struct _ProcessId {
HANDLE id;
LARGE_INTEGER creationTime;
} ProcessId, *PProcessId;
NTSTATUS InitializePsMonitor(PDRIVER_OBJECT DriverObject);
NTSTATUS DestroyPsMonitor();
BOOLEAN IsProcessExcluded(HANDLE ProcessId);
BOOLEAN IsProcessProtected(HANDLE ProcessId);
NTSTATUS AddProtectedImage(PUNICODE_STRING ImagePath, ULONG InheritType, PULONGLONG ObjId);
NTSTATUS GetProtectedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
NTSTATUS SetProtectedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
NTSTATUS RemoveProtectedImage(ULONGLONG ObjId);
NTSTATUS RemoveAllProtectedImages();
NTSTATUS AddExcludedImage(PUNICODE_STRING ImagePath, ULONG InheritType, PULONGLONG ObjId);
NTSTATUS GetExcludedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
NTSTATUS SetExcludedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
NTSTATUS RemoveExcludedImage(ULONGLONG ObjId);
NTSTATUS RemoveAllExcludedImages();
Reference in New Issue View Git Blame Copy Permalink