Process Hacker
kph.c File Reference
#include <ph.h>
#include <kphuser.h>


Functions

NTSTATUS KphpDeviceIoControl (_In_ ULONG KphControlCode, _In_ PVOID InBuffer, _In_ ULONG InBufferLength)
 
NTSTATUS KphConnect (_In_opt_ PWSTR DeviceName)
 
NTSTATUS KphConnect2 (_In_opt_ PWSTR DeviceName, _In_ PWSTR FileName)
 
NTSTATUS KphConnect2Ex (_In_opt_ PWSTR DeviceName, _In_ PWSTR FileName, _In_opt_ PKPH_PARAMETERS Parameters)
 
NTSTATUS KphDisconnect (VOID)
 
BOOLEAN KphIsConnected (VOID)
 
NTSTATUS KphSetParameters (_In_opt_ PWSTR DeviceName, _In_ PKPH_PARAMETERS Parameters)
 
NTSTATUS KphInstall (_In_opt_ PWSTR DeviceName, _In_ PWSTR FileName)
 
NTSTATUS KphInstallEx (_In_opt_ PWSTR DeviceName, _In_ PWSTR FileName, _In_opt_ PKPH_PARAMETERS Parameters)
 
NTSTATUS KphUninstall (_In_opt_ PWSTR DeviceName)
 
NTSTATUS KphGetFeatures (_Out_ PULONG Features)
 
NTSTATUS KphOpenProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ PCLIENT_ID ClientId)
 
NTSTATUS KphOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
NTSTATUS KphOpenProcessJob (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE JobHandle)
 
NTSTATUS KphSuspendProcess (_In_ HANDLE ProcessHandle)
 
NTSTATUS KphResumeProcess (_In_ HANDLE ProcessHandle)
 
NTSTATUS KphTerminateProcess (_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus)
 
NTSTATUS KphReadVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_writes_bytes_(BufferSize) PVOID Buffer, _In_ SIZE_T BufferSize, _Out_opt_ PSIZE_T NumberOfBytesRead)
 
NTSTATUS KphWriteVirtualMemory (_In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ SIZE_T BufferSize, _Out_opt_ PSIZE_T NumberOfBytesWritten)
 
NTSTATUS KphReadVirtualMemoryUnsafe (_In_opt_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_writes_bytes_(BufferSize) PVOID Buffer, _In_ SIZE_T BufferSize, _Out_opt_ PSIZE_T NumberOfBytesRead)
 
NTSTATUS KphQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ KPH_PROCESS_INFORMATION_CLASS ProcessInformationClass, _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSTATUS KphSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ KPH_PROCESS_INFORMATION_CLASS ProcessInformationClass, _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
 
NTSTATUS KphOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ PCLIENT_ID ClientId)
 
NTSTATUS KphOpenThreadProcess (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE ProcessHandle)
 
NTSTATUS KphTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSTATUS KphTerminateThreadUnsafe (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSTATUS KphGetContextThread (_In_ HANDLE ThreadHandle, _Inout_ PCONTEXT ThreadContext)
 
NTSTATUS KphSetContextThread (_In_ HANDLE ThreadHandle, _In_ PCONTEXT ThreadContext)
 
NTSTATUS KphCaptureStackBackTraceThread (_In_ HANDLE ThreadHandle, _In_ ULONG FramesToSkip, _In_ ULONG FramesToCapture, _Out_writes_(FramesToCapture) PVOID *BackTrace, _Out_opt_ PULONG CapturedFrames, _Out_opt_ PULONG BackTraceHash)
 
NTSTATUS KphQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, _Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSTATUS KphSetInformationThread (_In_ HANDLE ThreadHandle, _In_ KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
NTSTATUS KphEnumerateProcessHandles (_In_ HANDLE ProcessHandle, _Out_writes_bytes_(BufferLength) PVOID Buffer, _In_opt_ ULONG BufferLength, _Out_opt_ PULONG ReturnLength)
 
NTSTATUS KphEnumerateProcessHandles2 (_In_ HANDLE ProcessHandle, _Out_ PKPH_PROCESS_HANDLE_INFORMATION *Handles)
 
NTSTATUS KphQueryInformationObject (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ KPH_OBJECT_INFORMATION_CLASS ObjectInformationClass, _Out_writes_bytes_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSTATUS KphSetInformationObject (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ KPH_OBJECT_INFORMATION_CLASS ObjectInformationClass, _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength)
 
NTSTATUS KphDuplicateObject (_In_ HANDLE SourceProcessHandle, _In_ HANDLE SourceHandle, _In_opt_ HANDLE TargetProcessHandle, _Out_opt_ PHANDLE TargetHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ ULONG Options)
 
NTSTATUS KphOpenDriver (_Out_ PHANDLE DriverHandle, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
 
NTSTATUS KphQueryInformationDriver (_In_ HANDLE DriverHandle, _In_ DRIVER_INFORMATION_CLASS DriverInformationClass, _Out_writes_bytes_(DriverInformationLength) PVOID DriverInformation, _In_ ULONG DriverInformationLength, _Out_opt_ PULONG ReturnLength)
 

Variables

HANDLE PhKphHandle = NULL
 

Function Documentation

NTSTATUS KphCaptureStackBackTraceThread ( _In_ HANDLE  ThreadHandle,
_In_ ULONG  FramesToSkip,
_In_ ULONG  FramesToCapture,
_Out_writes_(FramesToCapture) PVOID *  BackTrace,
_Out_opt_ PULONG  CapturedFrames,
_Out_opt_ PULONG  BackTraceHash 
)

Definition at line 843 of file kph.c.

NTSTATUS KphConnect ( _In_opt_ PWSTR  DeviceName)

Definition at line 34 of file kph.c.

NTSTATUS KphConnect2 ( _In_opt_ PWSTR  DeviceName,
_In_ PWSTR  FileName 
)

Definition at line 90 of file kph.c.

NTSTATUS KphConnect2Ex ( _In_opt_ PWSTR  DeviceName,
_In_ PWSTR  FileName,
_In_opt_ PKPH_PARAMETERS  Parameters 
)

Definition at line 98 of file kph.c.

NTSTATUS KphDisconnect ( VOID  )

Definition at line 228 of file kph.c.

NTSTATUS KphDuplicateObject ( _In_ HANDLE  SourceProcessHandle,
_In_ HANDLE  SourceHandle,
_In_opt_ HANDLE  TargetProcessHandle,
_Out_opt_ PHANDLE  TargetHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_In_ ULONG  Options 
)

Definition at line 1029 of file kph.c.

NTSTATUS KphEnumerateProcessHandles ( _In_ HANDLE  ProcessHandle,
_Out_writes_bytes_(BufferLength) PVOID  Buffer,
_In_opt_ ULONG  BufferLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 915 of file kph.c.

NTSTATUS KphEnumerateProcessHandles2 ( _In_ HANDLE  ProcessHandle,
_Out_ PKPH_PROCESS_HANDLE_INFORMATION *  Handles 
)

Definition at line 937 of file kph.c.

NTSTATUS KphGetContextThread ( _In_ HANDLE  ThreadHandle,
_Inout_ PCONTEXT  ThreadContext 
)

Definition at line 807 of file kph.c.

NTSTATUS KphGetFeatures ( _Out_ PULONG  Features)

Definition at line 469 of file kph.c.

NTSTATUS KphInstall ( _In_opt_ PWSTR  DeviceName,
_In_ PWSTR  FileName 
)

Definition at line 336 of file kph.c.

NTSTATUS KphInstallEx ( _In_opt_ PWSTR  DeviceName,
_In_ PWSTR  FileName,
_In_opt_ PKPH_PARAMETERS  Parameters 
)

Definition at line 344 of file kph.c.

BOOLEAN KphIsConnected ( VOID  )

Definition at line 256 of file kph.c.

NTSTATUS KphOpenDriver ( _Out_ PHANDLE  DriverHandle,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes 
)

Definition at line 1067 of file kph.c.

NTSTATUS KphOpenProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PCLIENT_ID  ClientId 
)

Definition at line 485 of file kph.c.

NTSTATUS KphOpenProcessJob ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  JobHandle 
)

Definition at line 525 of file kph.c.

NTSTATUS KphOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

Definition at line 505 of file kph.c.

NTSTATUS KphOpenThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PCLIENT_ID  ClientId 
)

Definition at line 723 of file kph.c.

NTSTATUS KphOpenThreadProcess ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  ProcessHandle 
)

Definition at line 743 of file kph.c.

NTSTATUS KphpDeviceIoControl ( _In_ ULONG  KphControlCode,
_In_ PVOID  InBuffer,
_In_ ULONG  InBufferLength 
)

Definition at line 447 of file kph.c.

NTSTATUS KphQueryInformationDriver ( _In_ HANDLE  DriverHandle,
_In_ DRIVER_INFORMATION_CLASS  DriverInformationClass,
_Out_writes_bytes_(DriverInformationLength) PVOID  DriverInformation,
_In_ ULONG  DriverInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 1085 of file kph.c.

NTSTATUS KphQueryInformationObject ( _In_ HANDLE  ProcessHandle,
_In_ HANDLE  Handle,
_In_ KPH_OBJECT_INFORMATION_CLASS  ObjectInformationClass,
_Out_writes_bytes_(ObjectInformationLength) PVOID  ObjectInformation,
_In_ ULONG  ObjectInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 979 of file kph.c.

NTSTATUS KphQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ KPH_PROCESS_INFORMATION_CLASS  ProcessInformationClass,
_Out_writes_bytes_(ProcessInformationLength) PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 677 of file kph.c.

NTSTATUS KphQueryInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ KPH_THREAD_INFORMATION_CLASS  ThreadInformationClass,
_Out_writes_bytes_(ThreadInformationLength) PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 869 of file kph.c.

NTSTATUS KphReadVirtualMemory ( _In_ HANDLE  ProcessHandle,
_In_ PVOID  BaseAddress,
_Out_writes_bytes_(BufferSize) PVOID  Buffer,
_In_ SIZE_T  BufferSize,
_Out_opt_ PSIZE_T  NumberOfBytesRead 
)

Definition at line 605 of file kph.c.

NTSTATUS KphReadVirtualMemoryUnsafe ( _In_opt_ HANDLE  ProcessHandle,
_In_ PVOID  BaseAddress,
_Out_writes_bytes_(BufferSize) PVOID  Buffer,
_In_ SIZE_T  BufferSize,
_Out_opt_ PSIZE_T  NumberOfBytesRead 
)

Definition at line 653 of file kph.c.

NTSTATUS KphResumeProcess ( _In_ HANDLE  ProcessHandle)

Definition at line 561 of file kph.c.

NTSTATUS KphSetContextThread ( _In_ HANDLE  ThreadHandle,
_In_ PCONTEXT  ThreadContext 
)

Definition at line 825 of file kph.c.

NTSTATUS KphSetInformationObject ( _In_ HANDLE  ProcessHandle,
_In_ HANDLE  Handle,
_In_ KPH_OBJECT_INFORMATION_CLASS  ObjectInformationClass,
_In_reads_bytes_(ObjectInformationLength) PVOID  ObjectInformation,
_In_ ULONG  ObjectInformationLength 
)

Definition at line 1005 of file kph.c.

NTSTATUS KphSetInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ KPH_PROCESS_INFORMATION_CLASS  ProcessInformationClass,
_In_reads_bytes_(ProcessInformationLength) PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength 
)

Definition at line 701 of file kph.c.

NTSTATUS KphSetInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ KPH_THREAD_INFORMATION_CLASS  ThreadInformationClass,
_In_reads_bytes_(ThreadInformationLength) PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength 
)

Definition at line 893 of file kph.c.

NTSTATUS KphSetParameters ( _In_opt_ PWSTR  DeviceName,
_In_ PKPH_PARAMETERS  Parameters 
)

Definition at line 263 of file kph.c.

NTSTATUS KphSuspendProcess ( _In_ HANDLE  ProcessHandle)

Definition at line 545 of file kph.c.

NTSTATUS KphTerminateProcess ( _In_ HANDLE  ProcessHandle,
_In_ NTSTATUS  ExitStatus 
)

Definition at line 577 of file kph.c.

NTSTATUS KphTerminateThread ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

Definition at line 763 of file kph.c.

NTSTATUS KphTerminateThreadUnsafe ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

Definition at line 789 of file kph.c.

NTSTATUS KphUninstall ( _In_opt_ PWSTR  DeviceName)

Definition at line 408 of file kph.c.

NTSTATUS KphWriteVirtualMemory ( _In_ HANDLE  ProcessHandle,
_In_opt_ PVOID  BaseAddress,
_In_reads_bytes_(BufferSize) PVOID  Buffer,
_In_ SIZE_T  BufferSize,
_Out_opt_ PSIZE_T  NumberOfBytesWritten 
)

Definition at line 629 of file kph.c.

Variable Documentation

HANDLE PhKphHandle = NULL

Definition at line 32 of file kph.c.