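// Hook for NtDelayExecution with sleep skipping.
//
// While sleep_skip_active is set and the wall clock is still inside the
// skip window that starts at time_start, a relative delay is not executed:
// its length is added to time_skipped, the call is logged as "Skipped" and
// the hook returns success immediately. Every other call is logged and
// forwarded to the original NtDelayExecution.
//
// Alertable      forwarded unchanged to the original function.
// DelayInterval  delay in 100ns units; a negative value is a relative
//                delay, a positive value an absolute time.
//
// Returns 0 for a skipped delay, otherwise the original function's status.
HOOKDEF(NTSTATUS, WINAPI, NtDelayExecution,
    __in    BOOLEAN Alertable,
    __in    PLARGE_INTEGER DelayInterval
) {
    NTSTATUS ret = 0;

    // The hook runs in the monitored process, so an invalid pointer must not
    // fault here; forward it and let the real implementation report it.
    if(DelayInterval == NULL) {
        return Old_NtDelayExecution(Alertable, DelayInterval);
    }

    long long interval = DelayInterval->QuadPart;

    // Divide before negating: for every value the old expression
    // -interval / 10000 could represent this gives the same result, and it
    // stays defined for the most negative 64-bit interval as well.
    unsigned long milli = (unsigned long) -(interval / 10000);

    // Only a finite relative delay can be credited to time_skipped. A
    // positive interval is an absolute time, and 0x8000000000000000 cannot
    // be negated; skipping either one would corrupt the skipped-time total.
    int is_unbounded = (unsigned long long) interval == (1ULL << 63);
    int can_skip = interval < 0 && !is_unbounded;

    // do we want to skip this sleep?
    if(sleep_skip_active != 0) {
        FILETIME ft;
        LARGE_INTEGER now;

        GetSystemTimeAsFileTime(&ft);
        now.HighPart = ft.dwHighDateTime;
        now.LowPart = ft.dwLowDateTime;

        // check if we're still within the hardcoded limit
        // (MAX_SLEEP_SKIP_DIFF is presumably in milliseconds, scaled here to
        // 100ns units - confirm against its definition)
        if(now.QuadPart < time_start.QuadPart + MAX_SLEEP_SKIP_DIFF * 10000) {
            if(can_skip) {
                time_skipped.QuadPart += -interval;

                // NOTE(review): a skipped call never reaches the original
                // function, so with Alertable set no alertable wait takes
                // place - confirm this is acceptable for analysis fidelity.

                // notify how much we've skipped
                LOQ("ls", "Milliseconds", milli, "Status", "Skipped");
                return ret;
            }
        }
        else {
            sleep_skip_active = 0;
        }
    }

    LOQ2("l", "Milliseconds", milli);
    return Old_NtDelayExecution(Alertable, DelayInterval);
}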
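// Hook for NtDelayExecution: logs the requested delay in milliseconds and
// forwards the call unchanged to the original function.
//
// Alertable      forwarded unchanged to the original function.
// DelayInterval  delay in 100ns units; a negative value is a relative
//                delay, a positive value an absolute time.
//
// Returns the status of the original NtDelayExecution.
HOOKDEF(NTSTATUS, WINAPI, NtDelayExecution,
    __in    BOOLEAN Alertable,
    __in    PLARGE_INTEGER DelayInterval
) {
    // Not referenced directly below; presumably read by the LOQ macro -
    // confirm against its definition. Typed as NTSTATUS to match the hook's
    // return type.
    NTSTATUS ret = 0;

    // The hook runs in the monitored process, so an invalid pointer must not
    // fault here; forward it and let the real implementation report it.
    if(DelayInterval == NULL) {
        return Old_NtDelayExecution(Alertable, DelayInterval);
    }

    // Narrow to unsigned long before logging so the argument is not passed
    // as a 64-bit value; the "l" format presumably consumes a long-sized
    // argument - confirm against the logger. Dividing before negating keeps
    // the arithmetic defined for the most negative 64-bit interval.
    unsigned long milli = (unsigned long) -(DelayInterval->QuadPart / 10000);

    LOQ("l", "Milliseconds", milli);
    return Old_NtDelayExecution(Alertable, DelayInterval);
}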