mirror-ac/driver/thread.h

#ifndef THREAD_H
#define THREAD_H

#include <ntifs.h>

#include  "common.h"

typedef struct _HIDDEN_SYSTEM_THREAD_REPORT
{
	INT report_code;
	INT found_in_kthreadlist;
	INT found_in_pspcidtable;
	UINT64 thread_address;
	LONG thread_id;
	CHAR thread[4096];

}HIDDEN_SYSTEM_THREAD_REPORT, * PHIDDEN_SYSTEM_THREAD_REPORT;

typedef struct _ATTACH_PROCESS_REPORT
{
	INT report_code;
	UINT32 thread_id;
	UINT64 thread_address;

}ATTACH_PROCESS_REPORT, * PATTACH_PROCESS_REPORT;

VOID
ValidateKPCRBThreads(
	_In_ PIRP Irp
);

VOID
DetectThreadsAttachedToProtectedProcess();

#endif
bed time c: 2023-08-29 19:36:58 +02:00			`#ifndef THREAD_H`
			`#define THREAD_H`

			`#include <ntifs.h>`

			`#include "common.h"`

thread validation check 2023-08-30 13:15:57 +02:00			`typedef struct _HIDDEN_SYSTEM_THREAD_REPORT`
			`{`
			`INT report_code;`
			`INT found_in_kthreadlist;`
			`INT found_in_pspcidtable;`
			`UINT64 thread_address;`
			`LONG thread_id;`
da 2023-10-05 08:27:17 +02:00			`CHAR thread[4096];`
thread validation check 2023-08-30 13:15:57 +02:00
da 2023-10-05 08:27:17 +02:00			`}HIDDEN_SYSTEM_THREAD_REPORT, * PHIDDEN_SYSTEM_THREAD_REPORT;`
thread validation check 2023-08-30 13:15:57 +02:00
implemented global report irp queue 2023-09-02 10:54:04 +02:00			`typedef struct _ATTACH_PROCESS_REPORT`
			`{`
			`INT report_code;`
da 2023-10-05 08:27:17 +02:00			`UINT32 thread_id;`
			`UINT64 thread_address;`
implemented global report irp queue 2023-09-02 10:54:04 +02:00
da 2023-10-05 08:27:17 +02:00			`}ATTACH_PROCESS_REPORT, * PATTACH_PROCESS_REPORT;`
implemented global report irp queue 2023-09-02 10:54:04 +02:00
da 2023-10-05 08:27:17 +02:00			`VOID`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`ValidateKPCRBThreads(`
e 2023-09-02 15:47:15 +02:00			`_In_ PIRP Irp`
			`);`

da 2023-10-05 08:27:17 +02:00			`VOID`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`DetectThreadsAttachedToProtectedProcess();`
e 2023-09-02 15:47:15 +02:00
bed time c: 2023-08-29 19:36:58 +02:00			`#endif`