freefirex committed May 10, 2022
2 parents 282c12e + 751db57 commit f2cd79a
Showing 1 changed file with 2 additions and 16 deletions.
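--- a/src/Remote/ProcessDestroy/entry.c
+++ b/src/Remote/ProcessDestroy/entry.c
@@ -26,14 +26,6 @@ typedef NTSTATUS (NTAPI *_NtDuplicateObject)(
 ULONG Attributes,
 ULONG Options
 );
-typedef NTSTATUS (NTAPI *_NtQueryObject)(
-HANDLE ObjectHandle,
-ULONG ObjectInformationClass,
-PVOID ObjectInformation,
-ULONG ObjectInformationLength,
-PULONG ReturnLength
-);
-
 
 typedef struct _SYSTEM_HANDLE {
 ULONG ProcessId;
@@ -64,15 +56,11 @@ DWORD cutit(DWORD pid, USHORT handleID)
 {
 DWORD dwErrorCode = ERROR_SUCCESS;
 HANDLE processHandle = NULL;
-_NtQuerySystemInformation NtQuerySystemInformation = NULL;
 _NtDuplicateObject NtDuplicateObject = NULL;
-_NtQueryObject NtQueryObject = NULL;
 
-NtQuerySystemInformation = GetLibraryProcAddress("ntdll.dll", "NtQuerySystemInformation");
 NtDuplicateObject = GetLibraryProcAddress("ntdll.dll", "NtDuplicateObject");
-NtQueryObject = GetLibraryProcAddress("ntdll.dll", "NtQueryObject");
 
-if ((NULL == NtQuerySystemInformation)||(NULL == NtDuplicateObject)||(NULL == NtQueryObject)) {
+if (NULL == NtDuplicateObject) {
 dwErrorCode = ERROR_INVALID_FUNCTION;
 internal_printf("Failed to resolve NT functions.\n");
 goto cutit_end;
@@ -120,13 +108,11 @@ DWORD killit(DWORD pid) {
 ULONG i = 0;
 _NtQuerySystemInformation NtQuerySystemInformation = NULL;
 _NtDuplicateObject NtDuplicateObject = NULL;
-_NtQueryObject NtQueryObject = NULL;
 
 NtQuerySystemInformation = GetLibraryProcAddress("ntdll.dll", "NtQuerySystemInformation");
 NtDuplicateObject = GetLibraryProcAddress("ntdll.dll", "NtDuplicateObject");
-NtQueryObject = GetLibraryProcAddress("ntdll.dll", "NtQueryObject");
 
-if ((NULL == NtQuerySystemInformation)||(NULL == NtDuplicateObject)||(NULL == NtQueryObject)) {
+if ((NULL == NtQuerySystemInformation)||(NULL == NtDuplicateObject)) {
 dwErrorCode = ERROR_INVALID_FUNCTION;
 internal_printf("Failed to resolve NT functions.\n");
 goto killit_end;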
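Review bot: In `cutit`, the narrowed guard `if (NULL == NtDuplicateObject)` still prints the plural "Failed to resolve NT functions.", which no longer matches the single lookup and does not say which export was missing. Naming it makes the failure readable in output and logs: `internal_printf("Failed to resolve ntdll.dll!NtDuplicateObject.\n");`. `ERROR_PROC_NOT_FOUND` would describe a failed export lookup more precisely than `ERROR_INVALID_FUNCTION`, provided no caller compares against the current value (callers are not visible here). The same generic message remains in `killit`, where the two lookups are tested together. Both function bodies continue outside the hunks shown.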
