#ifndef _WINPROCESSHP_H_
#define _WINPROCESSHP_H_
#define IntWinGetCurrentProcess() IntWinProcFindObjectByCr3(gVcpu->Regs.Cr3)
#endif // _WINPROCESSHP_H_
INTSTATUS IntWinProcGetNameFromEprocess(QWORD Eprocess, CHAR *Name)
Reads a process name from guest memory.
Exposes the types, constants and functions used to handle Windows processes events (creation...
void IntWinProcLstInsertProcess(WIN_PROCESS_OBJECT *Process)
Inserts a WIN_PROCESS_OBJECT structure into the process lists and trees.
int IntWinProcRbTreeNodeCompareUserCr3(RBNODE const *Left, RBNODE const *Right)
#define _Out_writes_bytes_(expr)
void FUNC_RbTreeNodeFree(RBNODE *Node)
void IntWinProcRbTreeNodeFree(RBNODE *Node)
The NodeFree routine for the process RBTREE structures.
INTSTATUS IntWinProcMapEprocess(QWORD Eprocess, void **Ptr)
Maps a _EPROCESS structure.
BOOLEAN IntWinProcIsEnoughHeapAvailable(void)
Checks whether enough heap is available to protect a new process.
void IntWinProcDumpVads(const char *ProcessName)
Prints information about the VADs loaded in a process.
void IntWinProcLstUnsafeReInit(void)
Reinitializes the Windows process lists and trees, without doing any cleanup.
int INTSTATUS
The status data type.
int FUNC_RbTreeNodeCompare(RBNODE *Left, RBNODE *Right)
#define IMAGE_BASE_NAME_LEN
The maximum length of a process name.
PWIN_PROCESS_OBJECT IntWinProcFindObjectByPid(DWORD Pid)
Finds a process by its ID.
INTSTATUS IntWinProcGetNameFromInternalEprocess(QWORD Eprocess, CHAR *Name)
Gets a process name from the internal Introcore buffers.
INTSTATUS(* PFUNC_IterateListCallback)(QWORD Node, QWORD Aux)
PWIN_PROCESS_OBJECT IntWinProcFindObjectByName(CHAR const *Name, BOOLEAN MustBeSystem)
Finds a process by name.
PWIN_PROCESS_OBJECT IntWinProcFindObjectByCr3(QWORD Cr3)
Finds a process by its kernel CR3.
INTSTATUS IntWinProcIterateGuestProcesses(PFUNC_IterateListCallback Callback, QWORD Aux)
Iterates the in-guest process list and calls Callback for each entry.
int IntWinProcRbTreeNodeCompareCr3(RBNODE const *Left, RBNODE const *Right)
int IntWinProcRbTreeNodeCompareEproc(RBNODE const *Left, RBNODE const *Right)
void IntWinProcLstRemoveProcess(WIN_PROCESS_OBJECT *Process)
Removes a WIN_PROCESS_OBJECT structure from the process lists and trees.
void IntWinProcDump(void)
Prints information about all the processes in the system.
INTSTATUS IntWinProcAdd(QWORD Eprocess, QWORD Aux)
Adds a new process to the Introcore list of processes.
PWIN_PROCESS_OBJECT IntWinProcFindObjectByUserCr3(QWORD Cr3)
Finds a process by its user CR3.
INTSTATUS IntWinProcIsPsActiveProcessHead(QWORD Gva)
Checks if a guest memory area is the list head of the process list (PsActiveProcessHead) ...
#define _Function_class_(expr)
INTSTATUS IntWinProcGetAgentsAsCli(PCHAR CommandLine, DWORD Length)
Returns the name and ID for all the processes injected as agents inside the guest.
PWIN_PROCESS_OBJECT IntWinProcFindObjectByEprocess(QWORD Eprocess)
Finds a process by the address of its _EPROCESS structure.
#define _Out_writes_z_(expr)
void IntWinProcDumpEgFlags(void)
Prints the mitigation flags of a process.
This structure describes a running process inside the guest.