C++ (Cpp) PsSetCreateThreadNotifyRoutine Beispiele

Programmiersprache: C++ (Cpp)

Methode / Funktion: PsSetCreateThreadNotifyRoutine

Beispiele auf hotexamples.com: 3

C++ (Cpp) PsSetCreateThreadNotifyRoutine - 3 Beispiele gefunden. Dies sind die am besten bewerteten C++ (Cpp) Beispiele für die PsSetCreateThreadNotifyRoutine, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

Datei: barrier.c Projekt: marchon/pokerbridge

NTSTATUS LhBarrierProcessAttach()
{
/*
Description:

    Will be called on DLL load and initializes all barrier structures.
*/
	RtlZeroMemory(&Unit, sizeof(Unit));

	// globally accept all threads...
	Unit.GlobalACL.IsExclusive = TRUE;

	// allocate private heap
    RtlInitializeLock(&Unit.TLS.ThreadSafe);

#ifndef DRIVER

    Unit.IsInitialized = AuxUlibInitialize()?TRUE:FALSE;

	return STATUS_SUCCESS;

#else

	// we also have to emulate a thread detach event...
	Unit.IsInitialized = TRUE;

	return PsSetCreateThreadNotifyRoutine(OnThreadDetach);

#endif
}

Beispiel #2

Datei anzeigen

Datei: locking.c Projekt: EternalKeel/CodeMachineCourse

NTSTATUS 
DriverEntry(
    PDRIVER_OBJECT DriverObject,
    PUNICODE_STRING RegistryPath )
{
    NTSTATUS            Status;

    UNREFERENCED_PARAMETER(RegistryPath);

    DriverObject->DriverUnload  = DriverUnload;

    DbgPrint ( "%s DriverObject=%p\n", __FUNCTION__, DriverObject );

    // Step #1 : Initialize the lock that protects the g_Tidxxx globals (ExInitializeResourceLite())
    ExInitializeResourceLite(&g_TidLock);

    Status = PsSetCreateThreadNotifyRoutine( ThreadNotifyCallback ); 
    if ( ! NT_SUCCESS ( Status ) ) {
        DbgPrint ( "%s PsSetCreateThreadNotifyRoutine() FAIL=%08x\n", __FUNCTION__, Status );
        goto Exit;
    }

    Status = STATUS_SUCCESS;

Exit :
    return Status;
}

Beispiel #3

Datei anzeigen

Datei: irpMjFunctions.c Projekt: killbug2004/Oregano

/*
 * io_control_start_trace
 *
 * Arguments:
 *      irp
 *      io_stack_irp
 *      input_buffer
 *      output_buffer
 */
NTSTATUS io_control_start_trace(
        PIRP irp,
        PIO_STACK_LOCATION  io_stack_irp,
        unsigned char * input_buffer,
        unsigned char * output_buffer )
{
    /* Default return code is success */
    NTSTATUS    return_ntstatus = STATUS_SUCCESS;
    /* Temp thread context */
    static ThreadContext unknownThread = {0};

    UNREFERENCED_PARAMETER(irp);
    UNREFERENCED_PARAMETER(io_stack_irp);
    UNREFERENCED_PARAMETER(input_buffer);
    UNREFERENCED_PARAMETER(output_buffer);

    /* Is valid process */
    if ((0 == targetProcessId) || (NULL == target_process)) {
        KdPrint( ("Oregano: io_control_start_trace: Can't log process id 0\r\n") );
        return STATUS_DATA_ERROR;
    }

    /* Set the current thread, to unknown */
    lastContext = &unknownThread;

    /* Set the trace flag */
    KdPrint( ("Oregano: io_control_start_trace: setting trace flag for process %p\r\n", targetProcessId) );
    setTrapFlagForAllThreads(targetProcessId);
    /* Set notify routine to install hooks on new threads,
        Iff it is not installed already, and we set the trace all threads */
    if ((FALSE == is_new_thread_handler_installed) && (0 == targetThreadId)) {
		KdPrint(( "Oregano: io_control_start_trace: Setting new thread notifier\r\n" ));
        return_ntstatus = PsSetCreateThreadNotifyRoutine( newThreadHandler );
        if (FALSE != NT_SUCCESS(return_ntstatus)) {
            is_new_thread_handler_installed = TRUE;
        } else {
            KdPrint(( "Oregano: io_control_start_trace: Can't set new thread notifier\r\n" ));
        }
    }

    return return_ntstatus;
}