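/**
 * Connects to the KProcessHacker driver and presents the client signature.
 *
 * Does nothing on Windows versions older than Windows 7. Otherwise it builds
 * the paths of kprocesshacker.sys and ProcessHacker.sig inside the
 * application directory, calls KphConnect2Ex with the driver path and a
 * parameters block, and, if the signature file could be read, passes its
 * contents to KphVerifyClient.
 *
 * The function returns VOID, so the results of KphConnect2Ex and
 * KphVerifyClient are discarded here and callers cannot learn from this
 * function whether either step succeeded.
 */
VOID PhInitializeKph(
    VOID
    )
{
    static PH_STRINGREF kprocesshacker = PH_STRINGREF_INIT(L"kprocesshacker.sys");
    static PH_STRINGREF processhackerSig = PH_STRINGREF_INIT(L"ProcessHacker.sig");

    PPH_STRING kprocesshackerFileName;
    PPH_STRING processhackerSigFileName;
    KPH_PARAMETERS parameters;
    PUCHAR signature;
    ULONG signatureSize;

    if (WindowsVersion < WINDOWS_7)
        return;

    // Both files are looked up next to the executable.
    // NOTE(review): the driver and signature paths derive from
    // PhApplicationDirectory, so the install directory must not be writable by
    // unprivileged users - confirm the deployment ACLs.
    kprocesshackerFileName = PhConcatStringRef2(&PhApplicationDirectory->sr, &kprocesshacker);
    processhackerSigFileName = PhConcatStringRef2(&PhApplicationDirectory->sr, &processhackerSig);

    // NOTE(review): only these two fields are set; if KPH_PARAMETERS has other
    // members they are left indeterminate - confirm against its definition.
    // By its name, KphSecurityPrivilegeCheck selects a privilege-based client
    // check; verify against the security-level enum.
    parameters.SecurityLevel = KphSecurityPrivilegeCheck;
    parameters.CreateDynamicConfiguration = TRUE;

    // The address-of operator had been corrupted to a pilcrow character in the
    // listing; the third argument is a pointer to the parameters block.
    KphConnect2Ex(KPH_DEVICE_SHORT_NAME, kprocesshackerFileName->Buffer, &parameters);

    // The signature is presented even if the connect call above failed; the
    // status of that call is not examined here.
    signature = PhpReadSignature(processhackerSigFileName->Buffer, &signatureSize);

    if (signature != NULL)
    {
        KphVerifyClient(signature, signatureSize);
        PhFree(signature);
    }

    PhDereferenceObject(kprocesshackerFileName);
    PhDereferenceObject(processhackerSigFileName);
}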
/**
 * Convenience wrapper that forwards to KphConnect2Ex with a NULL parameters
 * argument.
 *
 * \param DeviceName Optional device name, passed through unchanged.
 * \param FileName Driver file name, passed through unchanged.
 *
 * \return The NTSTATUS produced by KphConnect2Ex.
 */
NTSTATUS KphConnect2(
    _In_opt_ PWSTR DeviceName,
    _In_ PWSTR FileName
    )
{
    NTSTATUS status;

    // No parameters block is supplied; how KphConnect2Ex treats NULL
    // (presumably driver defaults) is not visible from here.
    status = KphConnect2Ex(DeviceName, FileName, NULL);

    return status;
}
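/**
 * Connects to the KProcessHacker driver located in the application directory.
 *
 * Builds the path of kprocesshacker.sys next to the executable and calls
 * KphConnect2Ex with the device name "KProcessHacker2" and a parameters
 * block. This variant performs no Windows version check and presents no
 * client signature.
 *
 * The function returns VOID, so the result of KphConnect2Ex is discarded and
 * callers cannot learn from this function whether the connection succeeded.
 */
VOID PhInitializeKph(
    VOID
    )
{
    static PH_STRINGREF kprocesshacker = PH_STRINGREF_INIT(L"kprocesshacker.sys");

    PPH_STRING kprocesshackerFileName;
    KPH_PARAMETERS parameters;

    // Append kprocesshacker.sys to the application directory.
    // NOTE(review): the driver path derives from PhApplicationDirectory, so the
    // install directory must not be writable by unprivileged users - confirm
    // the deployment ACLs.
    kprocesshackerFileName = PhConcatStringRef2(&PhApplicationDirectory->sr, &kprocesshacker);

    // NOTE(review): only these two fields are set; if KPH_PARAMETERS has other
    // members they are left indeterminate - confirm against its definition.
    // By its name, KphSecurityPrivilegeCheck selects a privilege-based client
    // check; verify against the security-level enum.
    parameters.SecurityLevel = KphSecurityPrivilegeCheck;
    parameters.CreateDynamicConfiguration = TRUE;

    // The address-of operator had been corrupted to a pilcrow character in the
    // listing; the third argument is a pointer to the parameters block.
    KphConnect2Ex(L"KProcessHacker2", kprocesshackerFileName->Buffer, &parameters);

    PhDereferenceObject(kprocesshackerFileName);
}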