mirror of
https://github.com/donnaskiez/ac.git
synced 2024-11-21 22:24:08 +01:00
working!!! qwoooo
parent
6b32374c98
commit
2ebeb8a055
7 changed files with 64 additions and 44 deletions
|
@ -296,7 +296,6 @@ IncrementApcCount(
|
|||
)
|
||||
{
|
||||
PAPC_CONTEXT_HEADER header = NULL;
|
||||
KIRQL irql = KeGetCurrentIrql();
|
||||
GetApcContext(&header, ContextId);
|
||||
|
||||
if (!header)
|
||||
|
@ -359,7 +358,6 @@ _Releases_lock_(_Lock_kind_mutex_)
|
|||
NTSTATUS
|
||||
QueryActiveApcContextsForCompletion()
|
||||
{
|
||||
KIRQL irql = KeGetCurrentIrql();
|
||||
for (INT index = 0; index < MAXIMUM_APC_CONTEXTS; index++)
|
||||
{
|
||||
PAPC_CONTEXT_HEADER entry = NULL;
|
||||
|
@ -406,9 +404,6 @@ InsertApcContext(
|
|||
)
|
||||
{
|
||||
NTSTATUS status = STATUS_SUCCESS;
|
||||
KeAcquireGuardedMutex(&driver_config.lock);
|
||||
|
||||
PAPC_CONTEXT_HEADER header = Context;
|
||||
|
||||
/*
|
||||
* prevents the race condition where the driver is unloaded whilst a new apc operation
|
||||
|
@ -420,6 +415,10 @@ InsertApcContext(
|
|||
goto end;
|
||||
}
|
||||
|
||||
KeAcquireGuardedMutex(&driver_config.lock);
|
||||
|
||||
PAPC_CONTEXT_HEADER header = Context;
|
||||
|
||||
for (INT index = 0; index < MAXIMUM_APC_CONTEXTS; index++)
|
||||
{
|
||||
PUINT64 entry = driver_config.apc_contexts;
|
||||
|
@ -473,8 +472,6 @@ GetApcContextByIndex(
|
|||
_In_ INT Index
|
||||
)
|
||||
{
|
||||
KIRQL irql = KeGetCurrentIrql();
|
||||
|
||||
if (!Context)
|
||||
return;
|
||||
|
||||
|
@ -943,7 +940,10 @@ DriverUnload(
|
|||
|
||||
DEBUG_LOG("Unloading driver...");
|
||||
|
||||
/* dont unload while we have active APC operations */
|
||||
/*
|
||||
* This blocks the thread dispatching the unload action, which I don't think is ideal.
|
||||
* This is the issue with using
|
||||
*/
|
||||
while (DrvUnloadFreeAllApcContextStructures() == FALSE)
|
||||
YieldProcessor();
|
||||
|
||||
|
@ -1161,6 +1161,8 @@ DriverEntry(
|
|||
BOOLEAN flag = FALSE;
|
||||
NTSTATUS status;
|
||||
|
||||
DEBUG_LOG("Beginning driver entry lolz");
|
||||
|
||||
status = DrvLoadInitialiseDriverConfig(RegistryPath);
|
||||
|
||||
if (!NT_SUCCESS(status))
|
||||
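Review bot: In InsertApcContext the `KeAcquireGuardedMutex(&driver_config.lock)` call appears to move from the top of the function to after the early `goto end;`, so the check that the "prevents the race condition" comment describes now runs without the lock held. That leaves a window in which unload can begin between the check and the acquire. If the `end:` label (outside the hunk) still calls `KeReleaseGuardedMutex`, the early-exit path would also release a mutex it never acquired. Keep the acquire ahead of the check, or have the early exit return directly without passing through the release. Separately, the new comment in DriverUnload stops mid-sentence ("This is the issue with using"), and the `YieldProcessor()` loop it describes has no bound on how long unload can spin.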
|
|
|
@ -21,23 +21,23 @@ DispatchApcOperation(
|
|||
#pragma alloc_text(PAGE, DeviceCreate)
|
||||
#endif
|
||||
|
||||
#define IOCCTL_RUN_NMI_CALLBACKS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2001, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_DRIVER_OBJECTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2002, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2004, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_HANDLE_REPORTS_IN_CALLBACK_QUEUE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2005, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_VIRTUALIZATION_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2006, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_ENUMERATE_HANDLE_TABLES CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2007, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_RETRIEVE_MODULE_EXECUTABLE_REGIONS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2008, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_TOTAL_MODULE_SIZE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2009, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_TERMINATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2010, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_SCAN_FOR_UNLINKED_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2011, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_KPRCB_CURRENT_THREAD CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2012, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_INTEGRITY_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2013, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_DETECT_ATTACHED_THREADS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2014, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_PROCESS_LOADED_MODULE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2015, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_HARDWARE_INFORMATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2016, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_INITIATE_APC_OPERATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2017, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_CHECK_FOR_EPT_HOOK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2018, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCCTL_RUN_NMI_CALLBACKS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20001, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_DRIVER_OBJECTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20002, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20004, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_HANDLE_REPORTS_IN_CALLBACK_QUEUE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20005, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_VIRTUALIZATION_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20006, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_ENUMERATE_HANDLE_TABLES CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20007, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_RETRIEVE_MODULE_EXECUTABLE_REGIONS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20008, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_TOTAL_MODULE_SIZE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20009, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_TERMINATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20010, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_SCAN_FOR_UNLINKED_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20011, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_KPRCB_CURRENT_THREAD CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20012, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_INTEGRITY_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20013, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_DETECT_ATTACHED_THREADS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20014, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_PROCESS_LOADED_MODULE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20015, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_HARDWARE_INFORMATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20016, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_INITIATE_APC_OPERATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20017, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_CHECK_FOR_EPT_HOOK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20018, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
|
||||
#define APC_OPERATION_STACKWALK 0x1
|
||||
|
||||
|
@ -88,6 +88,8 @@ DeviceControl(
|
|||
PKTHREAD thread = NULL;
|
||||
BOOLEAN security_flag = FALSE;
|
||||
|
||||
DEBUG_LOG("IOCTL Code: %lx", stack_location->Parameters.DeviceIoControl.IoControlCode);
|
||||
|
||||
/*
|
||||
* LMAO
|
||||
*/
|
||||
|
@ -357,7 +359,7 @@ DeviceControl(
|
|||
break;
|
||||
|
||||
default:
|
||||
DEBUG_ERROR("Invalid IOCTL passed to driver");
|
||||
DEBUG_ERROR("Invalid IOCTL passed to driver: %lx", stack_location->Parameters.DeviceIoControl.IoControlCode);
|
||||
status = STATUS_INVALID_PARAMETER;
|
||||
break;
|
||||
}
|
||||
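Review bot: The function numbers passed to `CTL_CODE` do not fit the macro's 12-bit function field, and this holds for both the `0x2001`-style and the `0x20001`-style values. `CTL_CODE` shifts the function left by two and ORs it with the device-type and access bits, so `0x20001` spills into the device-type field and `0x2001` sets a required-access bit. The resulting control codes therefore no longer encode `FILE_DEVICE_UNKNOWN` and `FILE_ANY_ACCESS` as written. Vendor-defined functions belong in the range 0x800–0xFFF, for example `CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)`. The same list is duplicated in the user-mode header further down this page and has to change in lockstep; a single shared header would prevent the two from drifting apart.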
|
|
|
@ -710,7 +710,7 @@ FindUnlinkedProcesses(
|
|||
DEBUG_ERROR("INVALID POOL proc OMGGG");
|
||||
|
||||
report_buffer =
|
||||
ExAllocatePool2(POOL_FLAG_NON_PAGED, sizeof(INVALID_PROCESS_ALLOCATION_REPORT), REPORT_POOL_TAG);
|
||||
ExAllocatePool2(POOL_FLAG_PAGED, sizeof(INVALID_PROCESS_ALLOCATION_REPORT), REPORT_POOL_TAG);
|
||||
|
||||
if (!report_buffer)
|
||||
goto end;
|
||||
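Review bot: The `ExAllocatePool2` call for `report_buffer` is shown with both `POOL_FLAG_NON_PAGED` and `POOL_FLAG_PAGED`; if the paged variant is the new side, every access to the buffer must happen at IRQL <= APC_LEVEL, and nothing in this hunk establishes that. Add `PAGED_CODE();` at the top of the enclosing function, or annotate it `_IRQL_requires_max_(APC_LEVEL)` as this commit does for the queue routines, so a caller at DISPATCH_LEVEL is caught by static analysis rather than by a bugcheck. The enclosing function starts and ends outside the hunk, so its actual IRQL contract is not visible here.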
|
|
|
@ -20,6 +20,7 @@
|
|||
typedef struct _REPORT_QUEUE_CONFIGURATION
|
||||
{
|
||||
QUEUE_HEAD head;
|
||||
volatile BOOLEAN is_driver_unloading;
|
||||
KGUARDED_MUTEX lock;
|
||||
|
||||
}REPORT_QUEUE_CONFIGURATION, * PREPORT_QUEUE_CONFIGURATION;
|
||||
|
@ -34,6 +35,7 @@ InitialiseGlobalReportQueue(
|
|||
report_queue_config.head.start = NULL;
|
||||
report_queue_config.head.end = NULL;
|
||||
report_queue_config.head.entries = 0;
|
||||
report_queue_config.is_driver_unloading = FALSE;
|
||||
|
||||
KeInitializeGuardedMutex(&report_queue_config.head.lock);
|
||||
KeInitializeGuardedMutex(&report_queue_config.lock);
|
||||
|
@ -57,6 +59,7 @@ InitialiseGlobalReportQueue(
|
|||
// return head;
|
||||
//}
|
||||
|
||||
_IRQL_requires_max_(APC_LEVEL)
|
||||
_Acquires_lock_(_Lock_kind_mutex_)
|
||||
_Releases_lock_(_Lock_kind_mutex_)
|
||||
VOID
|
||||
|
@ -88,6 +91,7 @@ end:
|
|||
KeReleaseGuardedMutex(&Head->lock);
|
||||
}
|
||||
|
||||
_IRQL_requires_max_(APC_LEVEL)
|
||||
_Acquires_lock_(_Lock_kind_mutex_)
|
||||
_Releases_lock_(_Lock_kind_mutex_)
|
||||
PVOID
|
||||
|
@ -126,6 +130,9 @@ InsertReportToQueue(
|
|||
_In_ PVOID Report
|
||||
)
|
||||
{
|
||||
if (InterlockedExchange(&report_queue_config.is_driver_unloading, report_queue_config.is_driver_unloading))
|
||||
return;
|
||||
|
||||
KeAcquireGuardedMutex(&report_queue_config.lock);
|
||||
QueuePush(&report_queue_config.head, Report);
|
||||
KeReleaseGuardedMutex(&report_queue_config.lock);
|
||||
|
@ -137,6 +144,7 @@ _Releases_lock_(_Lock_kind_mutex_)
|
|||
VOID
|
||||
FreeGlobalReportQueueObjects()
|
||||
{
|
||||
InterlockedExchange(&report_queue_config.is_driver_unloading, TRUE);
|
||||
KeAcquireGuardedMutex(&report_queue_config.lock);
|
||||
|
||||
PVOID report = QueuePop(&report_queue_config.head);
|
||||
|
@ -145,6 +153,7 @@ FreeGlobalReportQueueObjects()
|
|||
{
|
||||
ExFreePoolWithTag(report, REPORT_POOL_TAG);
|
||||
report = QueuePop(&report_queue_config.head);
|
||||
DEBUG_LOG("Queu Unload Remaining Entries: %i", report_queue_config.head.entries);
|
||||
}
|
||||
|
||||
end:
|
||||
|
@ -175,6 +184,7 @@ HandlePeriodicGlobalReportQueueQuery(
|
|||
SIZE_T total_size = NULL;
|
||||
|
||||
KeAcquireGuardedMutex(&report_queue_config.lock);
|
||||
|
||||
report = QueuePop(&report_queue_config.head);
|
||||
|
||||
report_buffer = ExAllocatePool2(
|
||||
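Review bot: The unload check in InsertReportToQueue, `InterlockedExchange(&report_queue_config.is_driver_unloading, report_queue_config.is_driver_unloading)`, reads the flag non-atomically and then writes that value back. If FreeGlobalReportQueueObjects sets TRUE between the read and the exchange, the flag is reset to FALSE. `InterlockedExchange` also operates on a 32-bit `LONG` while the field is declared `volatile BOOLEAN`, so each call touches bytes beyond the one-byte field. Declare it `volatile LONG is_driver_unloading;` and test it with `if (InterlockedCompareExchange(&report_queue_config.is_driver_unloading, 0, 0)) return;`, ideally after taking `report_queue_config.lock` so a report cannot be pushed once the drain loop has finished. Both function bodies continue outside the hunks shown.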
|
|
|
@ -36,6 +36,7 @@ typedef struct _REPORT_HEADER
|
|||
|
||||
#define LIST_POOL_TAG 'list'
|
||||
|
||||
_IRQL_requires_max_(APC_LEVEL)
|
||||
_Acquires_lock_(_Lock_kind_mutex_)
|
||||
_Releases_lock_(_Lock_kind_mutex_)
|
||||
VOID
|
||||
|
@ -44,6 +45,7 @@ QueuePush(
|
|||
_In_ PVOID Data
|
||||
);
|
||||
|
||||
_IRQL_requires_max_(APC_LEVEL)
|
||||
_Acquires_lock_(_Lock_kind_mutex_)
|
||||
_Releases_lock_(_Lock_kind_mutex_)
|
||||
PVOID
|
||||
|
|
|
@ -6,23 +6,23 @@
|
|||
#include "../threadpool.h"
|
||||
#include "../client.h"
|
||||
|
||||
#define IOCCTL_RUN_NMI_CALLBACKS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2001, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_DRIVER_OBJECTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2002, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2004, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_HANDLE_REPORTS_IN_CALLBACK_QUEUE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2005, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_VIRTUALIZATION_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2006, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_ENUMERATE_HANDLE_TABLES CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2007, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_RETRIEVE_MODULE_EXECUTABLE_REGIONS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2008, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_TOTAL_MODULE_SIZE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2009, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_TERMINATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2010, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_SCAN_FOR_UNLINKED_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2011, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_KPRCB_CURRENT_THREAD CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2012, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_INTEGRITY_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2013, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_DETECT_ATTACHED_THREADS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2014, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_PROCESS_LOADED_MODULE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2015, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_HARDWARE_INFORMATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2016, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_INITIATE_APC_OPERATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2017, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_CHECK_FOR_EPT_HOOK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2018, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCCTL_RUN_NMI_CALLBACKS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20001, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_DRIVER_OBJECTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20002, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20004, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_HANDLE_REPORTS_IN_CALLBACK_QUEUE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20005, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_VIRTUALIZATION_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20006, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_ENUMERATE_HANDLE_TABLES CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20007, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_RETRIEVE_MODULE_EXECUTABLE_REGIONS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20008, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_TOTAL_MODULE_SIZE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20009, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_TERMINATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20010, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_SCAN_FOR_UNLINKED_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20011, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_KPRCB_CURRENT_THREAD CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20012, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_PERFORM_INTEGRITY_CHECK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20013, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_DETECT_ATTACHED_THREADS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20014, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_VALIDATE_PROCESS_LOADED_MODULE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20015, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_REQUEST_HARDWARE_INFORMATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20016, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_INITIATE_APC_OPERATION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20017, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define IOCTL_CHECK_FOR_EPT_HOOK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20018, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
|
||||
#define MAX_REPORTS_PER_IRP 20
|
||||
|
||||
|
|
|
@ -50,6 +50,7 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
|
|||
switch (seed)
|
||||
{
|
||||
case 0:
|
||||
// safe
|
||||
kmanager.EnumerateHandleTables();
|
||||
break;
|
||||
case 1:
|
||||
|
@ -59,6 +60,7 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
|
|||
kmanager.ScanPoolsForUnlinkedProcesses();
|
||||
break;
|
||||
case 3:
|
||||
//safe
|
||||
kmanager.VerifySystemModules();
|
||||
break;
|
||||
case 4:
|
||||
|
@ -71,9 +73,11 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
|
|||
kmanager.CheckForAttachedThreads();
|
||||
break;
|
||||
case 7:
|
||||
//safe
|
||||
kmanager.InitiateApcStackwalkOperation();
|
||||
break;
|
||||
case 8:
|
||||
//safe
|
||||
kmanager.CheckForHiddenThreads();
|
||||
break;
|
||||
case 9:
|
||||
|
|