mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 11:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Driver: PsTree: Refactor debug output

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2022-02-09 10:02:25 +03:00
parent 861f01cbeb
commit 8d2ad778f0
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/driver/fortps.c
View File

@ -434,17 +434,15 @@ static NTSTATUS GetCurrentProcessPathArgs(PUNICODE_STRING path, PUNICODE_STRING
PROCESS_BASIC_INFORMATION procBasicInfo; PROCESS_BASIC_INFORMATION procBasicInfo;
status = ZwQueryInformationProcess(ZwCurrentProcess(), ProcessBasicInformation, &procBasicInfo, status = ZwQueryInformationProcess(ZwCurrentProcess(), ProcessBasicInformation, &procBasicInfo,
sizeof(PROCESS_BASIC_INFORMATION), NULL); sizeof(PROCESS_BASIC_INFORMATION), NULL);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status))
LOG("PsTree: Query Process Error: %x\n", status);
return status; return status;
}
if (procBasicInfo.PebBaseAddress == NULL) { if (procBasicInfo.PebBaseAddress == NULL)
LOG("PsTree: Query Process Error: PebBaseAddress\n");
return STATUS_INVALID_ADDRESS; return STATUS_INVALID_ADDRESS;
}
PRTL_USER_PROCESS_PARAMETERS params = procBasicInfo.PebBaseAddress->ProcessParameters; PRTL_USER_PROCESS_PARAMETERS params = procBasicInfo.PebBaseAddress->ProcessParameters;
if (params == NULL)
return STATUS_INVALID_ADDRESS;
path->Length = params->ImagePathName.Length; path->Length = params->ImagePathName.Length;
path->MaximumLength = params->ImagePathName.Length; path->MaximumLength = params->ImagePathName.Length;
@ -485,6 +483,8 @@ static void fort_pstree_attach_process(PSYSTEM_PROCESSES processEntry, HANDLE pr
.CommandLine = &commandLine }; .CommandLine = &commandLine };
fort_pstree_notify(/*process=*/NULL, processId, &createInfo); fort_pstree_notify(/*process=*/NULL, processId, &createInfo);
} else {
LOG("PsTree: Query Process Error: pid=%d %x\n", processEntry->ProcessId, status);
} }
} }
KeUnstackDetachProcess(&apcState); KeUnstackDetachProcess(&apcState);