Process Hacker
dyndata.h
Go to the documentation of this file.
1 #ifndef DYNDATA_H
2 #define DYNDATA_H
3 
4 typedef NTSTATUS (NTAPI *_PsTerminateProcess)(
5  __in PEPROCESS Process,
6  __in NTSTATUS ExitStatus
7  );
8 
9 typedef NTSTATUS (FASTCALL *_PsTerminateProcess63)(
10  __in PEPROCESS Process,
11  __in NTSTATUS ExitStatus
12  );
13 
14 typedef NTSTATUS (NTAPI *_PspTerminateThreadByPointer51)(
15  __in PETHREAD Thread,
16  __in NTSTATUS ExitStatus
17  );
18 
19 typedef NTSTATUS (NTAPI *_PspTerminateThreadByPointer52)(
20  __in PETHREAD Thread,
21  __in NTSTATUS ExitStatus,
22  __in BOOLEAN DirectTerminate
23  );
24 
25 typedef NTSTATUS (FASTCALL *_PspTerminateThreadByPointer63)(
26  __in PETHREAD Thread,
27  __in NTSTATUS ExitStatus,
28  __in BOOLEAN DirectTerminate
29  );
30 
31 typedef struct _KPH_PROCEDURE_SCAN
32 {
33  BOOLEAN Initialized;
34  BOOLEAN Scanned;
35  PUCHAR Bytes;
36  ULONG Length;
37  ULONG_PTR StartAddress;
38  ULONG ScanLength;
39  LONG Displacement;
40 
41  PVOID ProcedureAddress; // scan result
42 } KPH_PROCEDURE_SCAN, *PKPH_PROCEDURE_SCAN;
43 
44 #ifdef EXT
45 #undef EXT
46 #endif
47 
48 #ifdef _DYNDATA_PRIVATE
49 #define EXT
50 #define OFFDEFAULT = -1
51 #else
52 #define EXT extern
53 #define OFFDEFAULT
54 #endif
55 
56 EXT ULONG KphDynNtVersion;
57 EXT RTL_OSVERSIONINFOEXW KphDynOsVersionInfo;
58 
59 // Structures
60 // Ege: ETW_GUID_ENTRY
61 // Ep: EPROCESS
62 // Ere: ETW_REG_ENTRY
63 // Et: ETHREAD
64 // Ht: HANDLE_TABLE
65 // Oh: OBJECT_HEADER
66 // Ot: OBJECT_TYPE
67 // Oti: OBJECT_TYPE_INITIALIZER, offset measured from an OBJECT_TYPE
68 // ObDecodeShift: shift value in ObpDecodeObject
69 // ObAttributesShift: shift value in ObpGetHandleAttributes
70 EXT ULONG KphDynEgeGuid OFFDEFAULT;
71 EXT ULONG KphDynEpObjectTable OFFDEFAULT;
72 EXT ULONG KphDynEpRundownProtect OFFDEFAULT;
73 EXT ULONG KphDynEreGuidEntry OFFDEFAULT;
74 EXT ULONG KphDynHtHandleContentionEvent OFFDEFAULT;
75 EXT ULONG KphDynOtName OFFDEFAULT;
76 EXT ULONG KphDynOtIndex OFFDEFAULT;
77 EXT ULONG KphDynObDecodeShift OFFDEFAULT;
78 EXT ULONG KphDynObAttributesShift OFFDEFAULT;
79 
80 // Procedures
81 EXT KPH_PROCEDURE_SCAN KphDynPsTerminateProcessScan;
82 EXT KPH_PROCEDURE_SCAN KphDynPspTerminateThreadByPointerScan;
83 
84 NTSTATUS KphDynamicDataInitialization(
85  VOID
86  );
87 
88 NTSTATUS KphReadDynamicDataParameters(
89  __in_opt HANDLE KeyHandle
90  );
91 
92 PVOID KphGetDynamicProcedureScan(
93  __inout PKPH_PROCEDURE_SCAN ProcedureScan
94  );
95 
96 #endif