initial commit

author: tumagonx 2017-08-08 10:54:53 +0700
committer: tumagonx 2017-08-08 10:54:53 +0700
commit: 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree: a8bea139ddd26116d44ea182b0b8436f2162e6e3 /procname.h
1 files changed, 68 insertions, 0 deletions
diff --git a/procname.h b/procname.h
new file mode 100644
index 0000000..01145a9
--- /dev/null
+++ b/procname.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              procname.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by process id to process name conversion routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 23-Feb-2004
+ *
+ * Revision History:
+ *
+ *              07-Apr-2004 ET - Copied from process.h
+ */
+#ifndef __PROCNAME_H__
+#define __PROCNAME_H__
+#include "userland.h"
+typedef struct  _IMAGE_PID_ENTRY
+{
+        struct _IMAGE_PID_ENTRY         *next;
+        ULONG                                           ProcessId;
+        ULONG                                           ParentId;
+        BOOLEAN                                         FirstThread;                            // Was more than one thread already created?
+                                                                                                                        // (some actions need to take place only in the main thread)
+        UCHAR                                           WaitingForUserRequestId;        // contains the sequence id of the reply we are waiting for
+        KEVENT                                          UserlandRequestDoneEvent;
+        PUSERLAND_REPLY_HEADER          UserlandReply;
+        SECURITY_POLICY                         SecPolicy;
+        WCHAR                                           ImageName[1];
+} IMAGE_PID_ENTRY, *PIMAGE_PID_ENTRY;
+/*
+ * 1. The following number should be prime.
+ * 2. It should also be slightly larger than the "average" number of processes of any given machine to
+ *    minimize the number of hash table collisions (we want O(1) access) and at the same time not
+ *    eating up too much memory (gImagePidHtbl[]).
+ */
+#define IMAGE_PID_HASHTABLE_SIZE        67
+extern IMAGE_PID_ENTRY  gImagePidHtbl[IMAGE_PID_HASHTABLE_SIZE];
+extern USHORT                   ProcessNameOffset, ThreadServiceTableOffset;
+extern BOOLEAN                  BootingUp;
+BOOLEAN                         InitProcessNameEntries();
+VOID                            RemoveProcessNameEntries();
+PIMAGE_PID_ENTRY        FindImagePidEntry(ULONG ProcessId, ULONG ParentId);
+BOOLEAN                         ProcessInsertImagePidEntry(ULONG ProcessId, PIMAGE_PID_ENTRY NewProcess);
+PIMAGE_PID_ENTRY        CreateNewProcessEntry(ULONG ProcessId, ULONG ParentId, PUNICODE_STRING ProcessName, BOOLEAN NewProcess);
+//PIMAGE_PID_ENTRY      CreateAndLoadNewProcessEntry(ULONG ProcessId, PUNICODE_STRING ProcessName, BOOLEAN NewProcess);
+VOID                            EnumerateExistingProcesses();
+PWCHAR                          GetCurrentProcessName();
+#endif  /* __PROCNAME_H__ */
+\ No newline at end of file
author	tumagonx	2017-08-08 10:54:53 +0700
committer	tumagonx	2017-08-08 10:54:53 +0700
commit	2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree	a8bea139ddd26116d44ea182b0b8436f2162e6e3 /procname.h

diff --git a/procname.h b/procname.h new file mode 100644 index 0000000..01145a9 --- /dev/null +++ b/procname.h
@@ -0,0 +1,68 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* procname.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by process id to process name conversion routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 23-Feb-2004
	15	*
	16	* Revision History:
	17	*
	18	* 07-Apr-2004 ET - Copied from process.h
	19	*/
	20
	21	#ifndef __PROCNAME_H__
	22	#define __PROCNAME_H__
	23
	24
	25	#include "userland.h"
	26
	27
	28	typedef struct _IMAGE_PID_ENTRY
	29	{
	30	struct _IMAGE_PID_ENTRY *next;
	31	ULONG ProcessId;
	32	ULONG ParentId;
	33	BOOLEAN FirstThread; // Was more than one thread already created?
	34	// (some actions need to take place only in the main thread)
	35	UCHAR WaitingForUserRequestId; // contains the sequence id of the reply we are waiting for
	36	KEVENT UserlandRequestDoneEvent;
	37	PUSERLAND_REPLY_HEADER UserlandReply;
	38	SECURITY_POLICY SecPolicy;
	39	WCHAR ImageName[1];
	40
	41	} IMAGE_PID_ENTRY, *PIMAGE_PID_ENTRY;
	42
	43
	44	/*
	45	* 1. The following number should be prime.
	46	* 2. It should also be slightly larger than the "average" number of processes of any given machine to
	47	* minimize the number of hash table collisions (we want O(1) access) and at the same time not
	48	* eating up too much memory (gImagePidHtbl[]).
	49	*/
	50	#define IMAGE_PID_HASHTABLE_SIZE 67
	51
	52	extern IMAGE_PID_ENTRY gImagePidHtbl[IMAGE_PID_HASHTABLE_SIZE];
	53
	54	extern USHORT ProcessNameOffset, ThreadServiceTableOffset;
	55	extern BOOLEAN BootingUp;
	56
	57
	58	BOOLEAN InitProcessNameEntries();
	59	VOID RemoveProcessNameEntries();
	60	PIMAGE_PID_ENTRY FindImagePidEntry(ULONG ProcessId, ULONG ParentId);
	61	BOOLEAN ProcessInsertImagePidEntry(ULONG ProcessId, PIMAGE_PID_ENTRY NewProcess);
	62	PIMAGE_PID_ENTRY CreateNewProcessEntry(ULONG ProcessId, ULONG ParentId, PUNICODE_STRING ProcessName, BOOLEAN NewProcess);
	63	//PIMAGE_PID_ENTRY CreateAndLoadNewProcessEntry(ULONG ProcessId, PUNICODE_STRING ProcessName, BOOLEAN NewProcess);
	64	VOID EnumerateExistingProcesses();
	65	PWCHAR GetCurrentProcessName();
	66
	67
	68	#endif /* __PROCNAME_H__ */ \ No newline at end of file