mirror of
https://github.com/JKornev/hidden
synced 2024-06-28 18:02:15 +00:00
3851dcd17d
- Fixed issue with signing Release driver builds - Renamed all Nt* functions to Zw* (access denied fix, KTHREAD!PreviousMode) - Added "apply to all processes" feature for adding exluded\protected images api - Fixed sync issues for process table, sync primitives moved to external code etc
33 lines
1.1 KiB
C
33 lines
1.1 KiB
C
#pragma once
|
|
|
|
#include <Ntddk.h>
|
|
|
|
typedef struct _ProcessTableEntry {
|
|
HANDLE processId;
|
|
|
|
BOOLEAN excluded;
|
|
ULONG inheritExclusion;
|
|
|
|
BOOLEAN protected;
|
|
ULONG inheritProtection;
|
|
|
|
BOOLEAN subsystem;
|
|
BOOLEAN inited;
|
|
|
|
} ProcessTableEntry, *PProcessTableEntry;
|
|
|
|
NTSTATUS InitializeProcessTable(VOID(*InitProcessEntryCallback)(PProcessTableEntry, PCUNICODE_STRING, HANDLE));
|
|
VOID DestroyProcessTable();
|
|
|
|
// Important notice:
|
|
// Keep in mind that internal sync mechanisms removed from functions below (including DestroyProcessTable)
|
|
// because in some situations we need to perform two operation under one lock, for instance we should
|
|
// perform GetProcessInProcessTable and UpdateProcessInProcessTable under one lock. So in this case all
|
|
// functions, excluding InitializeProcessTable, should be synced manualy from external code
|
|
|
|
BOOLEAN AddProcessToProcessTable(PProcessTableEntry entry);
|
|
BOOLEAN RemoveProcessFromProcessTable(PProcessTableEntry entry);
|
|
BOOLEAN GetProcessInProcessTable(PProcessTableEntry entry);
|
|
BOOLEAN UpdateProcessInProcessTable(PProcessTableEntry entry);
|
|
|