mirror of
https://github.com/JKornev/hidden
synced 2024-06-28 18:02:15 +00:00
3851dcd17d
- Fixed issue with signing Release driver builds - Renamed all Nt* functions to Zw* (access denied fix, KTHREAD!PreviousMode) - Added "apply to all processes" feature for adding exluded\protected images api - Fixed sync issues for process table, sync primitives moved to external code etc
27 lines
1.1 KiB
C
27 lines
1.1 KiB
C
#pragma once
|
|
|
|
#include <Ntddk.h>
|
|
|
|
typedef struct _ProcessId {
|
|
HANDLE id;
|
|
LARGE_INTEGER creationTime;
|
|
} ProcessId, *PProcessId;
|
|
|
|
NTSTATUS InitializePsMonitor(PDRIVER_OBJECT DriverObject);
|
|
NTSTATUS DestroyPsMonitor();
|
|
|
|
BOOLEAN IsProcessExcluded(HANDLE ProcessId);
|
|
BOOLEAN IsProcessProtected(HANDLE ProcessId);
|
|
|
|
NTSTATUS AddProtectedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
|
|
NTSTATUS GetProtectedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
|
|
NTSTATUS SetProtectedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
|
|
NTSTATUS RemoveProtectedImage(ULONGLONG ObjId);
|
|
NTSTATUS RemoveAllProtectedImages();
|
|
|
|
NTSTATUS AddExcludedImage(PUNICODE_STRING ImagePath, ULONG InheritType, BOOLEAN ApplyForProcesses, PULONGLONG ObjId);
|
|
NTSTATUS GetExcludedProcessState(HANDLE ProcessId, PULONG InheritType, PBOOLEAN Enable);
|
|
NTSTATUS SetExcludedProcessState(HANDLE ProcessId, ULONG InheritType, BOOLEAN Enable);
|
|
NTSTATUS RemoveExcludedImage(ULONGLONG ObjId);
|
|
NTSTATUS RemoveAllExcludedImages();
|