diff --git a/driver/callbacks.c b/driver/callbacks.c index 2a28559..ded2d41 100644 --- a/driver/callbacks.c +++ b/driver/callbacks.c @@ -14,7 +14,10 @@ VOID InitCallbackReportQueue( PBOOLEAN Status ) report_queue = QueueCreate(); if ( report_queue == NULL ) + { *Status = FALSE; + return; + } KeInitializeGuardedMutex( &mutex ); @@ -125,6 +128,11 @@ OB_PREOP_CALLBACK_STATUS ObPreOpCallbackRoutine( LPCSTR process_creator_name = PsGetProcessImageFileName( process_creator ); LPCSTR target_process_name = PsGetProcessImageFileName( target_process ); + /* + * NOTE for whatever fukin reason this shit prevent notepad rfom launching need + * 2 fix lol + */ + if ( !strcmp( "notepad.exe", target_process_name) ) { if ( !strcmp( process_creator_name, "lsass.exe" ) || !strcmp( process_creator_name, "csrss.exe" ) ) diff --git a/driver/queue.c b/driver/queue.c index 182c630..db9cb8d 100644 --- a/driver/queue.c +++ b/driver/queue.c @@ -15,6 +15,7 @@ PQUEUE_HEAD QueueCreate() head->start = NULL; head->entries = 0; + __debugbreak(); KeInitializeSpinLock( &head->lock ); return head;