示例#1
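/*
 * Connects to the KProcessHacker driver and, only if that connection
 * succeeds, reads the client signature file and hands it to KphVerifyClient.
 *
 * Does nothing on Windows versions older than Windows 7.
 *
 * Both kprocesshacker.sys and ProcessHacker.sig are resolved relative to
 * PhApplicationDirectory. That directory is therefore part of the trust
 * boundary: it should be writable only by administrators, otherwise the
 * files named here could be substituted before they are used.
 */
VOID PhInitializeKph(
    VOID
    )
{
    static PH_STRINGREF kprocesshacker = PH_STRINGREF_INIT(L"kprocesshacker.sys");
    static PH_STRINGREF processhackerSig = PH_STRINGREF_INIT(L"ProcessHacker.sig");

    PPH_STRING kprocesshackerFileName;
    PPH_STRING processhackerSigFileName;
    KPH_PARAMETERS parameters;
    PUCHAR signature;
    ULONG signatureSize;

    if (WindowsVersion < WINDOWS_7)
        return;

    // Build "<application directory>kprocesshacker.sys" and
    // "<application directory>ProcessHacker.sig".
    kprocesshackerFileName = PhConcatStringRef2(&PhApplicationDirectory->sr, &kprocesshacker);
    processhackerSigFileName = PhConcatStringRef2(&PhApplicationDirectory->sr, &processhackerSig);

    // NOTE(review): only these two members are set; if KPH_PARAMETERS has
    // further members they are passed uninitialized - confirm against its
    // definition.
    // NOTE(review): KphSecurityPrivilegeCheck presumably selects how the
    // driver gates clients - confirm against the security level enum.
    parameters.SecurityLevel = KphSecurityPrivilegeCheck;
    parameters.CreateDynamicConfiguration = TRUE;

    // Verification is meaningless without a connection, so the signature file
    // is read and submitted only when KphConnect2Ex reports success. The
    // original ignored the status and always attempted verification.
    if (NT_SUCCESS(KphConnect2Ex(KPH_DEVICE_SHORT_NAME, kprocesshackerFileName->Buffer, &parameters)))
    {
        signature = PhpReadSignature(processhackerSigFileName->Buffer, &signatureSize);

        if (signature)
        {
            // NOTE(review): the result of KphVerifyClient is not inspected
            // here; callers that depend on a verified connection must check
            // that state themselves.
            KphVerifyClient(signature, signatureSize);
            PhFree(signature);
        }
    }

    PhDereferenceObject(kprocesshackerFileName);
    PhDereferenceObject(processhackerSigFileName);
}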
示例#2
/*
 * Convenience form of KphConnect2Ex that supplies no parameters structure.
 *
 * DeviceName - optional device name, forwarded unchanged.
 * FileName   - file name, forwarded unchanged.
 *
 * Returns the NTSTATUS produced by KphConnect2Ex. Callers should check it:
 * nothing in this wrapper reports or handles a failed connection.
 */
NTSTATUS KphConnect2(
    _In_opt_ PWSTR DeviceName,
    _In_ PWSTR FileName
    )
{
    NTSTATUS status;

    // NULL parameters: no security level or dynamic configuration is requested
    // explicitly, so the behavior is whatever KphConnect2Ex does without them.
    status = KphConnect2Ex(DeviceName, FileName, NULL);

    return status;
}
示例#3
/*
 * Connects to the KProcessHacker driver using kprocesshacker.sys from the
 * application directory.
 *
 * The status returned by KphConnect2Ex is not inspected, so a failed
 * connection is silent at this point.
 *
 * The driver file is resolved relative to PhApplicationDirectory; that
 * directory should be writable only by administrators so the file named here
 * cannot be substituted.
 */
VOID PhInitializeKph(
    VOID
)
{
    static PH_STRINGREF driverName = PH_STRINGREF_INIT(L"kprocesshacker.sys");
    KPH_PARAMETERS connectParameters;
    PPH_STRING driverPath;

    // NOTE(review): only these two members are set; confirm KPH_PARAMETERS has
    // no further members that would be passed uninitialized.
    connectParameters.CreateDynamicConfiguration = TRUE;
    connectParameters.SecurityLevel = KphSecurityPrivilegeCheck;

    // "<application directory>kprocesshacker.sys"
    driverPath = PhConcatStringRef2(&PhApplicationDirectory->sr, &driverName);

    KphConnect2Ex(L"KProcessHacker2", driverPath->Buffer, &connectParameters);

    // Release the path string now that the connection attempt is done.
    PhDereferenceObject(driverPath);
}