Update kutils.hpp

main
IDontCode 3 years ago
parent ae8be70806
commit cb3ae1fb8c

@ -641,7 +641,7 @@ FORCEINLINE PVOID GetDriverExport(_In_ CONST CHAR* pszDriverName,
: NULL; : NULL;
} }
FORCEINLINE PDRIVER_OBJECT GetDriverObject(_In_ CONST WHCAR* pwszDriverName) { FORCEINLINE PDRIVER_OBJECT GetDriverObject(_In_ CONST WCHAR* pwszDriverName) {
HANDLE handle{}; HANDLE handle{};
OBJECT_ATTRIBUTES attr{}; OBJECT_ATTRIBUTES attr{};
UNICODE_STRING dirName{}; UNICODE_STRING dirName{};
@ -775,7 +775,8 @@ FORCEINLINE VOID ForEachProcess(_In_ PsCallbackPtr lpCallback) {
DYN_NT_SYM(ExFreePool)(origPtr); DYN_NT_SYM(ExFreePool)(origPtr);
} }
FORCEINLINE VOID ForEachThread(_In_ HANDLE hPid, _In_ TdCallbackPtr lpCallback) { FORCEINLINE VOID ForEachThread(_In_ HANDLE hPid,
_In_ TdCallbackPtr lpCallback) {
ULONG nAllocSize{}; ULONG nAllocSize{};
DYN_NT_SYM(ZwQuerySystemInformation) DYN_NT_SYM(ZwQuerySystemInformation)
(SystemProcessInformation, NULL, nAllocSize, &nAllocSize); (SystemProcessInformation, NULL, nAllocSize, &nAllocSize);
@ -790,20 +791,20 @@ FORCEINLINE VOID ForEachThread(_In_ HANDLE hPid, _In_ TdCallbackPtr lpCallback)
while (true) { while (true) {
if (lpstProcInfo->ProcessId == hPid) if (lpstProcInfo->ProcessId == hPid)
for (UINT idx = 0u; idx < lpstProcInfo->NumberOfThreads; ++idx) for (INT idx = 0u; idx < lpstProcInfo->NumberOfThreads; ++idx)
lpCallback(lpstProcInfo->Threads[idx]); lpCallback(lpstProcInfo->Threads[idx]);
if (!lpstProcInfo->NextEntryOffset) if (!lpstProcInfo->NextEntryOffset)
break; break;
lpstProcInfo = lpstProcInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG64)lpstProcInfo +
(PSYSTEM_PROCESS_INFORMATION)((ULONG64)lpstProcInfo+ lpstProcInfo->NextEntryOffset)); lpstProcInfo->NextEntryOffset);
} }
DYN_NT_SYM(ExFreePool)(lpstOrigPtr); DYN_NT_SYM(ExFreePool)(lpstOrigPtr);
} }
FORCEINLINE PVOID GetModuleBase(_In_ HANDLE hPid, FORCEINLINE PVOID GetModuleBase(_In_ HANDLE hPid,
_In_ CONST PWCHAR pwszModuleName) { _In_ CONST WCHAR* pwszModuleName) {
PEPROCESS lpProc; PEPROCESS lpProc;
KAPC_STATE stApcState; KAPC_STATE stApcState;
if (NT_SUCCESS(DYN_NT_SYM(PsLookupProcessByProcessId)(hPid, &lpProc))) { if (NT_SUCCESS(DYN_NT_SYM(PsLookupProcessByProcessId)(hPid, &lpProc))) {
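Review bot: In ForEachThread the loop counter now reads `INT idx = 0u` (taking the right-hand column as the new side, which the WHCAR to WCHAR fix in GetDriverObject suggests), so a signed index initialised from an unsigned literal is compared against `lpstProcInfo->NumberOfThreads`, presumably an unsigned count. That comparison goes through an implicit signed-to-unsigned conversion and will trip sign-compare warnings. The counter should match the field's type, e.g. `for (ULONG idx = 0; idx < lpstProcInfo->NumberOfThreads; ++idx)`. The buffer allocation and the second ZwQuerySystemInformation call fall between the two ForEachThread hunks and are not visible here. It is worth confirming that the allocation result and the returned NTSTATUS are checked before this walk dereferences `lpstProcInfo`.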
