@ -24,9 +24,9 @@ __int64 __usercall apc_callback@<rax>(char _CL@<cl>, char _BH@<bh>, __int64 *a3@
Registeration of APCS:
```cpp
current_thread_id = PsLookupThreadByThreadId(thread_id, &some_pethread);
status = PsLookupThreadByThreadId(thread_id, &some_pethread);
v17 = 0;
if ( (int)current_thread_id >= 0 )
if ( (int)status >= 0 )
{
allocated_pool = ExAllocatePool(0x200i64, 0x878i64);
allocated_pool_1 = allocated_pool;
@ -39,4 +39,4 @@ Registeration of APCS:
LOBYTE(v77) = 0;
KeInitializeApc(allocated_pool_2, some_pethread, 0i64, j_apc_callback, 0i64, 0i64, v77, 0i64);
if ( (unsigned __int8)KeInsertQueueApc(allocated_pool_2, allocated_pool_2, 0i64, 2i64) )
```
```