mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 12:05:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Driver: fortps: Simplify fort_pstree_handle_created_proc()

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2023-05-01 16:56:03 +03:00
parent 9f87b813c9
commit dd9f7ee2de
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/driver/fortps.c
View File

@ -91,6 +91,7 @@ typedef struct fort_path_buffer
typedef struct fort_psinfo_hash typedef struct fort_psinfo_hash
{ {
tommy_key_t pid_hash; tommy_key_t pid_hash;
HANDLE processHandle;
DWORD processId; DWORD processId;
DWORD parentProcessId; DWORD parentProcessId;
@ -466,11 +467,10 @@ static PFORT_PSNODE fort_pstree_handle_new_proc(PFORT_PSTREE ps_tree, PCFORT_PSI
} }
inline static void fort_pstree_handle_created_proc(PFORT_PSTREE ps_tree, inline static void fort_pstree_handle_created_proc(PFORT_PSTREE ps_tree,
PPS_CREATE_NOTIFY_INFO createInfo, PFORT_PSINFO_HASH psi, PFORT_PATH_BUFFER pb, PPS_CREATE_NOTIFY_INFO createInfo, PFORT_PSINFO_HASH psi, PFORT_PATH_BUFFER pb)
HANDLE processHandle)
{ {
/* GetProcessImageName() must be called in PASSIVE level only! */ /* GetProcessImageName() must be called in PASSIVE level only! */
const NTSTATUS status = GetProcessImageName(processHandle, pb); const NTSTATUS status = GetProcessImageName(psi->processHandle, pb);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
LOG("PsTree: Image Name Error: %x\n", status); LOG("PsTree: Image Name Error: %x\n", status);
return; return;
@ -508,7 +508,9 @@ inline static void fort_pstree_notify_process_created(
const HANDLE processHandle = OpenProcessById(psi->processId); const HANDLE processHandle = OpenProcessById(psi->processId);
if (processHandle != NULL) { if (processHandle != NULL) {
fort_pstree_handle_created_proc(ps_tree, createInfo, psi, pb, processHandle); psi->processHandle = processHandle;
fort_pstree_handle_created_proc(ps_tree, createInfo, psi, pb);
ZwClose(processHandle); ZwClose(processHandle);
} }
@ -647,6 +649,7 @@ inline static void fort_pstree_enum_process(PFORT_PSTREE ps_tree, PSYSTEM_PROCES
const FORT_PSINFO_HASH psi = { const FORT_PSINFO_HASH psi = {
.pid_hash = pid_hash, .pid_hash = pid_hash,
.processHandle = processHandle,
.processId = processId, .processId = processId,
.parentProcessId = parentProcessId, .parentProcessId = parentProcessId,