diff --git a/driver/callbacks.c b/driver/callbacks.c
index b55bc31..a5314f8 100644
--- a/driver/callbacks.c
+++ b/driver/callbacks.c
@@ -404,7 +404,7 @@ EnumerateProcessModuleList(_In_ HANDLE ProcessId,
 _In_ PROCESS_MODULE_CALLBACK Callback,
 _In_opt_ PVOID Context)
 {
- UINT32 index = 0;
+ INT32 index = 0;
 PRTL_HASHMAP map = GetProcessHashmap();
 BOOLEAN ret = FALSE;
 PPROCESS_LIST_ENTRY entry = NULL;
@@ -721,6 +721,8 @@ ThreadCreateNotifyRoutine(_In_ HANDLE ProcessId,
 ImpPsLookupThreadByThreadId(ThreadId, &thread);
 ImpPsLookupProcessByProcessId(ProcessId, &process);
+ /* ideally we should dereference the other but this shouldnt really ever
+ * fail */
 if (!thread || !process)
 return;
@@ -732,9 +734,6 @@ ThreadCreateNotifyRoutine(_In_ HANDLE ProcessId,
 if (!entry)
 goto end;
- ImpObfReferenceObject(thread);
- ImpObfReferenceObject(process);
-
 entry->thread_id = ThreadId;
 entry->thread = thread;
 entry->owning_process = process;
diff --git a/driver/containers/tree.c b/driver/containers/tree.c
index 3f28e33..db3f6b4 100644
--- a/driver/containers/tree.c
+++ b/driver/containers/tree.c
@@ -106,9 +106,9 @@ RtlRbTreePrintCurrentStatistics(_In_ PRB_TREE Tree)
 * - This stores the size of the objects that will be stored in the tree. It
 * is used to allocate memory for the nodes.
 * - Lets say each node needs to have a THREAD_LIST_ENTRY object. The
- * ObjectSize = sizeof(THREAD_LIST_OBJECT) and in turn will mean each node will
- * be of size: sizeof(THREAD_LIST_OBJECT) + sizeof(RB_TREE_NODE). This is also
- * this size the lookaside list pools will be set to.
+ * ObjectSize = sizeof(THREAD_LIST_OBJECT) and in turn will mean each node will
+ * be of size: sizeof(THREAD_LIST_OBJECT) + sizeof(RB_TREE_NODE). This is also
+ * this size the lookaside list pools will be set to.
 *
 * > `LOOKASIDE_LIST_EX pool`:
 * - This is a lookaside list that provides a fast, efficient way to allocate
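Review bot: The change of `index` from `UINT32` to `INT32` in EnumerateProcessModuleList has no comment explaining why the index must now be signed. The rest of the body is outside this hunk, so this is an inference: if the aim is to catch a negative failure value from the hashmap bucket lookup, an explicit `if (index < 0)` rejection must come before `index` selects a bucket, because a negative subscript reads in front of the table. A short comment on the declaration, for example `/* signed: a negative value from the bucket lookup means failure */`, would record the intent once it is confirmed.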
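Review bot: The early return at `if (!thread || !process) return;` in ThreadCreateNotifyRoutine leaks an object reference when exactly one of the two lookups succeeds; the added comment acknowledges this but does not fix it. PsLookupThreadByThreadId and PsLookupProcessByProcessId each return a referenced object on success, so the guard should release whichever pointer is non-NULL before returning: a braced body with `if (thread) ObDereferenceObject(thread);` and `if (process) ObDereferenceObject(process);` ahead of `return;`, going through the driver's import wrapper if it has one. A process or thread exiting between the two lookups is an ordinary race in a create-notify callback, and each leaked reference pins a kernel object for the lifetime of the driver. The NTSTATUS results of both lookups are also discarded, so the NULL test is only reliable if `thread` and `process` are initialised to NULL at their declarations, which are outside this hunk.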
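Review bot: With the two `ImpObfReferenceObject` calls removed, `entry->thread` and `entry->owning_process` are backed only by the references the lookups took, so the success path must not release them before the entry is removed. The `end:` label and the entry-removal routine are outside this hunk. If `end:` still dereferences both objects after a successful insert, the list would hold pointers that can be freed while still reachable, which is a use-after-free for any later enumeration. The `if (!entry) goto end;` failure path, on the other hand, does need to drop both references, since nothing stores them. A comment at the assignments such as `/* entry takes ownership of the lookup references; released when the entry is removed */` would make the ownership rule explicit.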
@@ -552,7 +552,7 @@ RtlpRbTreeTransplant(_In_ PRB_TREE Tree,
 }
 STATIC
-PVOID
+PRB_TREE_NODE
 RtlpRbTreeFindNode(_In_ PRB_TREE Tree, _In_ PVOID Key)
 {
 INT32 result = 0;