mirror of
https://github.com/tnodir/fort
synced 2024-11-15 01:47:47 +00:00
Driver: fortps: Prepare fort_pstree_get_svchost_name()
parent
80c345f71d
commit
ed416b2588
@ -402,9 +402,12 @@ inline static BOOL fort_callout_ale_fill_path_sid(PCFORT_CALLOUT_ARG ca, PFORT_C
|
|||||||
continue; // not "NT Authority"
|
continue; // not "NT Authority"
|
||||||
|
|
||||||
// Get Service Name by SID
|
// Get Service Name by SID
|
||||||
// TODO
|
cx->path.buffer = cx->svchost_name;
|
||||||
|
|
||||||
return FALSE;
|
if (fort_pstree_get_svchost_name(&fort_device()->ps_tree, &subAuth[1], &cx->path))
|
||||||
|
return TRUE;
|
||||||
|
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
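Review bot: `cx->path.buffer = cx->svchost_name;` runs before the lookup has succeeded, so on every failure path (and the stub added in this commit always returns FALSE) `cx->path` is left pointing at the uninitialised `svchost_name` array while the function falls through to `return FALSE`. If any caller reads `cx->path` after a FALSE return, it would pair that pointer with whatever length the path held before; the callers are not visible from this hunk, so this needs confirming. Safer is to keep the previous pointer in a local and put it back before `break`, or at least to state the contract with `// on FALSE, cx->path.buffer is left pointing at svchost_name and must not be read`. The call also passes `&subAuth[1]` with no count, and any check that the SID carries enough sub-authorities is not visible here because fort_callout_ale_fill_path_sid starts outside the hunk.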
@ -60,6 +60,7 @@ typedef struct fort_callout_ale_extra
|
|||||||
|
|
||||||
FORT_APP_PATH path;
|
FORT_APP_PATH path;
|
||||||
FORT_APP_PATH real_path;
|
FORT_APP_PATH real_path;
|
||||||
|
WCHAR svchost_name[80];
|
||||||
|
|
||||||
PIRP irp;
|
PIRP irp;
|
||||||
ULONG_PTR info;
|
ULONG_PTR info;
|
||||||
|
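Review bot: `WCHAR svchost_name[80];` fixes the buffer capacity with a bare literal, and the lookup that will write through it receives only a `PFORT_APP_PATH`, so nothing visible in this commit tells the writer how many WCHARs it may store. A named constant shared by the struct and the future copy code would keep the bound in one place, for example `WCHAR svchost_name[SVCHOST_NAME_CAPACITY]; // SVCHOST_NAME_CAPACITY is a placeholder name`. A short comment such as `// backing storage for path when the name is resolved from a service SID` would also explain why the struct carries its own buffer. The struct definition begins and ends outside the hunk.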
@ -826,6 +826,26 @@ FORT_API BOOL fort_pstree_get_proc_name(PFORT_PSTREE ps_tree, DWORD processId, P
|
|||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static BOOL fort_pstree_get_svchost_name_locked(
|
||||||
|
PFORT_PSTREE ps_tree, const DWORD *sidBytes, PFORT_APP_PATH path)
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
BOOL fort_pstree_get_svchost_name(PFORT_PSTREE ps_tree, const DWORD *sidBytes, PFORT_APP_PATH path)
|
||||||
|
{
|
||||||
|
BOOL res;
|
||||||
|
|
||||||
|
KLOCK_QUEUE_HANDLE lock_queue;
|
||||||
|
KeAcquireInStackQueuedSpinLock(&ps_tree->lock, &lock_queue);
|
||||||
|
{
|
||||||
|
res = fort_pstree_get_svchost_name_locked(ps_tree, sidBytes, path);
|
||||||
|
}
|
||||||
|
KeReleaseInStackQueuedSpinLock(&lock_queue);
|
||||||
|
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
inline static void fort_pstree_update_service_proc(
|
inline static void fort_pstree_update_service_proc(
|
||||||
PFORT_PSTREE ps_tree, PCUNICODE_STRING serviceName, DWORD processId)
|
PFORT_PSTREE ps_tree, PCUNICODE_STRING serviceName, DWORD processId)
|
||||||
{
|
{
|
||||||
|
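Review bot: Neither `fort_pstree_get_svchost_name_locked()` nor its wrapper documents how many DWORDs `sidBytes` must point at or how much room `path->buffer` has, and the header prototype added in the same commit is equally silent, yet the eventual body will read and write through both pointers. That body will also run between `KeAcquireInStackQueuedSpinLock` and `KeReleaseInStackQueuedSpinLock`, which means at DISPATCH_LEVEL, so it has to stay non-blocking and touch only non-paged memory. I would put a comment above the stub along the lines of `// sidBytes: sub-authority DWORDs after the first one (count checked by the caller); path->buffer: caller-owned storage; called with ps_tree->lock held`. As a consistency point, the definition reads `BOOL fort_pstree_get_svchost_name(` while the prototype and the neighbouring `fort_pstree_get_proc_name` definition carry `FORT_API`; `FORT_API BOOL fort_pstree_get_svchost_name(` would match them.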
@ -37,6 +37,9 @@ FORT_API void fort_pstree_enum_processes(PFORT_PSTREE ps_tree);
|
|||||||
FORT_API BOOL fort_pstree_get_proc_name(PFORT_PSTREE ps_tree, DWORD processId, PFORT_APP_PATH path,
|
FORT_API BOOL fort_pstree_get_proc_name(PFORT_PSTREE ps_tree, DWORD processId, PFORT_APP_PATH path,
|
||||||
BOOL *isSvcHost, BOOL *inherited);
|
BOOL *isSvcHost, BOOL *inherited);
|
||||||
|
|
||||||
|
FORT_API BOOL fort_pstree_get_svchost_name(
|
||||||
|
PFORT_PSTREE ps_tree, const DWORD *sidBytes, PFORT_APP_PATH path);
|
||||||
|
|
||||||
FORT_API void fort_pstree_update_services(
|
FORT_API void fort_pstree_update_services(
|
||||||
PFORT_PSTREE ps_tree, const PFORT_SERVICE_INFO_LIST services, ULONG data_len);
|
PFORT_PSTREE ps_tree, const PFORT_SERVICE_INFO_LIST services, ULONG data_len);
|
||||||
|
|
||||||
|