void RestoreNtdllHooks( HOOK_DLL_EXCHANGE * dllexchange, HANDLE hProcess )
{
#ifndef _WIN64
if (IsSysWow64())
{
RestoreMemory(hProcess, sysWowSpecialJmpAddress, sysWowSpecialJmp, sizeof(sysWowSpecialJmp));
}
else
{
RestoreMemory(hProcess, KiSystemCallAddress, KiSystemCallBackup, sizeof(KiSystemCallBackup));
}
#else
RESTORE_JMP(NtClose);
RESTORE_JMP(NtContinue);
RESTORE_JMP(NtCreateThreadEx);
RESTORE_JMP(NtCreateThread);
RESTORE_JMP(NtSetContextThread);
RESTORE_JMP(NtGetContextThread);
RESTORE_JMP(NtYieldExecution);
RESTORE_JMP(NtQueryObject);
RESTORE_JMP(NtSetInformationProcess);
RESTORE_JMP(NtQueryInformationProcess);
RESTORE_JMP(NtQuerySystemInformation);
RESTORE_JMP(NtSetInformationThread);
#endif
FREE_HOOK(NtClose);
FREE_HOOK(NtContinue);
FREE_HOOK(NtCreateThreadEx);
FREE_HOOK(NtCreateThread);
FREE_HOOK(NtSetContextThread);
FREE_HOOK(NtGetContextThread);
FREE_HOOK(NtYieldExecution);
FREE_HOOK(NtQueryObject);
FREE_HOOK(NtSetInformationProcess);
FREE_HOOK(NtQueryInformationProcess);
FREE_HOOK(NtQuerySystemInformation);
FREE_HOOK(NtSetInformationThread);
RESTORE_JMP(KiUserExceptionDispatcher);
FREE_HOOK(KiUserExceptionDispatcher);
dllexchange->isNtdllHooked = FALSE;
}
void RestoreJumper(HANDLE hProcess, void* address, void * backupAddress, DWORD backupSize)
{
if (address && backupAddress && backupSize)
{
void * backup = malloc(backupSize);
if (backup)
{
if (ReadProcessMemory(hProcess, backupAddress, backup, backupSize, 0))
{
RestoreMemory(hProcess, (DWORD_PTR)address, backup, backupSize);
}
free(backup);
}
}
}
Spline2d::~Spline2d()
{
RestoreMemory();
}