Process Hacker
Main Page
Namespaces
Data Structures
Files
File List
Globals
dynimp.c
Go to the documentation of this file.
1
/*
2
* KProcessHacker
3
*
4
* Copyright (C) 2010-2011 wj32
5
*
6
* This file is part of Process Hacker.
7
*
8
* Process Hacker is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation, either version 3 of the License, or
11
* (at your option) any later version.
12
*
13
* Process Hacker is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU General Public License for more details.
17
*
18
* You should have received a copy of the GNU General Public License
19
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
20
*/
21
22
#include <
kph.h
>
23
#include <
dyndata.h
>
24
25
#ifdef ALLOC_PRAGMA
26
#pragma alloc_text(PAGE, KphGetSystemRoutineAddress)
27
#pragma alloc_text(PAGE, KphDynamicImport)
28
#endif
29
30
_ExfUnblockPushLock
ExfUnblockPushLock_I
;
31
_ObGetObjectType
ObGetObjectType_I
;
32
_PsAcquireProcessExitSynchronization
PsAcquireProcessExitSynchronization_I
;
33
_PsIsProtectedProcess
PsIsProtectedProcess_I
;
34
_PsReleaseProcessExitSynchronization
PsReleaseProcessExitSynchronization_I
;
35
_PsResumeProcess
PsResumeProcess_I
;
36
_PsSuspendProcess
PsSuspendProcess_I
;
37
41
VOID
KphDynamicImport
(
42
VOID
43
)
44
{
45
PAGED_CODE();
46
47
if
(
KphDynNtVersion
>=
PHNT_WIN8
)
48
ExfUnblockPushLock_I
=
KphGetSystemRoutineAddress
(L
"ExfUnblockPushLock"
);
49
ObGetObjectType_I
=
KphGetSystemRoutineAddress
(L
"ObGetObjectType"
);
50
PsAcquireProcessExitSynchronization_I
=
KphGetSystemRoutineAddress
(L
"PsAcquireProcessExitSynchronization"
);
51
PsIsProtectedProcess_I
=
KphGetSystemRoutineAddress
(L
"PsIsProtectedProcess"
);
52
PsReleaseProcessExitSynchronization_I
=
KphGetSystemRoutineAddress
(L
"PsReleaseProcessExitSynchronization"
);
53
PsResumeProcess_I
=
KphGetSystemRoutineAddress
(L
"PsResumeProcess"
);
54
PsSuspendProcess_I
=
KphGetSystemRoutineAddress
(L
"PsSuspendProcess"
);
55
56
dprintf
(
"ExfUnblockPushLock: 0x%Ix\n"
,
ExfUnblockPushLock_I
);
57
dprintf
(
"ObGetObjectType: 0x%Ix\n"
,
ObGetObjectType_I
);
58
dprintf
(
"PsAcquireProcessExitSynchronization: 0x%Ix\n"
,
PsAcquireProcessExitSynchronization_I
);
59
dprintf
(
"PsIsProtectedProcess: 0x%Ix\n"
,
PsIsProtectedProcess_I
);
60
dprintf
(
"PsReleaseProcessExitSynchronization: 0x%Ix\n"
,
PsReleaseProcessExitSynchronization_I
);
61
dprintf
(
"PsResumeProcess: 0x%Ix\n"
,
PsResumeProcess_I
);
62
dprintf
(
"PsSuspendProcess: 0x%Ix\n"
,
PsSuspendProcess_I
);
63
}
64
73
PVOID
KphGetSystemRoutineAddress
(
74
__in PWSTR SystemRoutineName
75
)
76
{
77
UNICODE_STRING
systemRoutineName;
78
79
PAGED_CODE();
80
81
RtlInitUnicodeString
(&systemRoutineName, SystemRoutineName);
82
83
return
MmGetSystemRoutineAddress(&systemRoutineName);
84
}
KProcessHacker
dynimp.c
Generated by
1.8.2
1.8.2 1.8.2