processlist.h
#include <ntifs.h>
#include "extradefines.h"
#include "extraimports.h"
// Process create/exit notification callbacks implemented by this driver.
// The (ParentId, ProcessId, Create) parameter list matches the callback type
// used with PsSetCreateProcessNotifyRoutine. Where the routine is registered is
// not visible in this header.
VOID CreateProcessNotifyRoutine(IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create);
// Variant that receives a PPS_CREATE_NOTIFY_INFO. CreateInfo is annotated
// __in_opt, so the implementation has to cope with a NULL pointer.
// NOTE(review): the WDK callback type for PsSetCreateProcessNotifyRoutineEx
// passes a PEPROCESS as its first argument, not a parent process id. If this
// routine is registered through that API, confirm the definition does not
// interpret ParentId as an id.
VOID CreateProcessNotifyRoutineEx(IN HANDLE ParentId, IN HANDLE ProcessId, __in_opt PPS_CREATE_NOTIFY_INFO CreateInfo);
// One thread tracked by the driver; a node in a doubly linked list
// (previous/next). struct ProcessData points at such a list through its
// Threads member.
struct ThreadData
{
// Thread id.
HANDLE ThreadID;
// Kernel thread object pointer.
// NOTE(review): this header does not show whether a reference is held
// (ObReferenceObject*) for as long as the pointer is stored. Without one the
// pointer can dangle once the thread exits - confirm in the implementation.
PETHREAD PEThread;
// APC object embedded in the node.
// NOTE(review): presumably queued to the thread to suspend it. If so, the node
// must not be freed while the APC is still queued - verify the teardown path.
KAPC SuspendApc;
KSEMAPHORE SuspendSemaphore; //why not mutex?
// NOTE(review): presumably the suspend nesting depth. It is a signed int, so
// check that resume cannot drive it below zero.
int suspendcount;
// List links.
struct ThreadData *previous;
struct ThreadData *next;
};
// Record associating a process id with its EPROCESS pointer and a handle.
// PProcessListData is the pointer typedef for the same record.
typedef struct
{
HANDLE ProcessID;
// NOTE(review): raw EPROCESS pointer; confirm a reference is held while stored.
PEPROCESS PEProcess;
// NOTE(review): a handle value is only meaningful in the handle table it was
// opened in (a specific process, or the kernel handle table). Confirm which
// context this one belongs to and that every user of the field runs in it.
HANDLE ProcessHandle;
// NOTE(review): presumably marks an entry whose process has exited - confirm
// that ProcessHandle and PEProcess are not used once this is set.
BOOLEAN Deleted;
} ProcessListData, *PProcessListData;
// One tracked process; a node in a doubly linked list (previous/next) that
// carries the head of the process's ThreadData list.
// NOTE(review): the trailing declarator defines the global 'processlist' in
// this header rather than declaring it extern, and no include guard is visible
// in this listing. Every translation unit that includes the header gets its own
// tentative definition, which only links where the toolchain merges common
// symbols. Prefer 'extern' here plus one definition in a .c file.
struct ProcessData
{
HANDLE ProcessID;
// NOTE(review): raw EPROCESS pointer; confirm a reference is held while stored.
PEPROCESS PEProcess;
// Head of this process's thread list.
struct ThreadData *Threads;
// List links.
struct ProcessData *previous;
struct ProcessData *next;
} *processlist;
// One queued process event. Every field is a fixed-width UINT64.
// NOTE(review): the fixed-width layout suggests the record is handed to a
// consumer outside the driver - confirm. If it is copied to user mode,
// PEProcess discloses a kernel object address to the caller, so access to the
// interface that returns it should be restricted accordingly.
typedef struct tagProcessEventData
{
// Nonzero presumably means "created", zero "terminated" - TODO confirm.
UINT64 Created;
UINT64 ProcessID;
// EPROCESS pointer stored as an integer.
UINT64 PEProcess;
} ProcessEventdta;
// Fixed-capacity buffer of process events (50 entries) and its fill count.
// NOTE(review): ProcessEventCount is a UCHAR that can hold values up to 255,
// while the array has 50 slots. Every producer must check the count against
// the array size before indexing, and every consumer must clamp it before
// copying. Notify routines can run concurrently on several CPUs, so the
// check-and-increment has to happen under a lock - confirm in the .c file.
ProcessEventdta ProcessEventdata[50];
UCHAR ProcessEventCount;
// Kernel event object pointer; presumably signalled when an entry is added.
PKEVENT ProcessEvent;
//HANDLE ProcessEventHandle;
// Flag, presumably recording whether the process notify routine is currently
// registered so that unload can unregister it - TODO confirm.
BOOLEAN CreateProcessNotifyRoutineEnabled;
// Executive resource (reader/writer lock).
// NOTE(review): presumably guards processlist. An ERESOURCE must be set up with
// ExInitializeResourceLite before first use, acquired with normal kernel APCs
// disabled (KeEnterCriticalRegion), and deleted on unload.
ERESOURCE ProcesslistR;
// Thread create/exit notification callback implemented by this driver. The
// (ProcessId, ThreadId, Create) parameter list matches the callback type used
// with PsSetCreateThreadNotifyRoutine; registration is not visible here.
VOID CreateThreadNotifyRoutine(IN HANDLE ProcessId, IN HANDLE ThreadId, IN BOOLEAN Create);
// One queued thread event.
// NOTE(review): Created is a one-byte BOOLEAN here, whereas the process event
// record uses UINT64 for the same flag. With natural alignment the compiler
// inserts padding between Created and ProcessID. If records are ever built in a
// stack or pool temporary and copied to a less privileged consumer, zero the
// whole record first so the padding cannot carry stale kernel memory.
typedef struct tagThreadEventData
{
BOOLEAN Created;
UINT64 ProcessID;
UINT64 ThreadID;
} ThreadEventDta;
// Fixed-capacity buffer of thread events (50 entries) and its fill count.
// NOTE(review): ThreadEventCount is a UCHAR that can exceed the 50-slot array.
// Producers must bound-check it before indexing, and do so under a lock,
// because thread notify routines can run concurrently - confirm in the .c file.
ThreadEventDta ThreadEventData[50];
UCHAR ThreadEventCount;
// Kernel event object pointer; presumably signalled when an entry is added.
PKEVENT ThreadEvent;
//HANDLE ThreadEventHandle;
// State of the process watcher. These three are declared extern and defined in
// another translation unit.
// NOTE(review): WatcherHandle/WatcherProcess presumably identify the client
// process that consumes the events - confirm how they are set and cleared, and
// that WatcherProcess is not used after that process exits.
extern HANDLE WatcherHandle;
extern PEPROCESS WatcherProcess;
// NOTE(review): the name suggests the watcher opens a handle to each new
// process when this is set. Confirm the access mask requested and the handle
// table those handles are created in.
extern BOOLEAN ProcessWatcherOpensHandles;
// Flag, presumably recording whether the thread notify routine is currently
// registered. Unlike the three above, it is defined here rather than declared
// extern.
BOOLEAN CreateThreadNotifyRoutineEnabled;
// Releases the tracked process list (per the name; the body is not in this
// header).
// NOTE(review): empty parentheses declare a function with unspecified
// parameters in C; 'VOID CleanProcessList(VOID);' would let the compiler reject
// calls that pass arguments.
VOID CleanProcessList();
// Returns a handle for the given process id.
// NOTE(review): confirm which handle table the returned value belongs to and
// what is returned for an unknown or already-exited process, so callers cannot
// use a stale or foreign-context handle.
HANDLE GetHandleForProcessID(IN HANDLE ProcessID);