From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit

---
 procname.h | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 procname.h

(limited to 'procname.h')

diff --git a/procname.h b/procname.h
new file mode 100644
index 0000000..01145a9
--- /dev/null
+++ b/procname.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *		procname.h
+ *
+ * Abstract:
+ *
+ *		This module defines various types used by process id to process name conversion routines.
+ *
+ * Author:
+ *
+ *		Eugene Tsyrklevich 23-Feb-2004
+ *
+ * Revision History:
+ *
+ *		07-Apr-2004 ET - Copied from process.h
+ */
+
+#ifndef __PROCNAME_H__
+#define __PROCNAME_H__
+
+
+#include "userland.h"
+
+
+typedef struct	_IMAGE_PID_ENTRY
+{
+	struct _IMAGE_PID_ENTRY		*next;
+	ULONG						ProcessId;
+	ULONG						ParentId;
+	BOOLEAN						FirstThread;				// Was more than one thread already created?
+															// (some actions need to take place only in the main thread)
+	UCHAR						WaitingForUserRequestId;	// contains the sequence id of the reply we are waiting for
+	KEVENT						UserlandRequestDoneEvent;
+	PUSERLAND_REPLY_HEADER		UserlandReply;
+	SECURITY_POLICY				SecPolicy;
+	WCHAR						ImageName[1];
+
+} IMAGE_PID_ENTRY, *PIMAGE_PID_ENTRY;
+
+
+/*
+ * 1. The following number should be prime.
+ * 2. It should also be slightly larger than the "average" number of processes of any given machine to
+ *    minimize the number of hash table collisions (we want O(1) access) and at the same time not
+ *    eating up too much memory (gImagePidHtbl[]).
+ */
+#define	IMAGE_PID_HASHTABLE_SIZE	67
+
+extern IMAGE_PID_ENTRY	gImagePidHtbl[IMAGE_PID_HASHTABLE_SIZE];
+
+extern USHORT			ProcessNameOffset, ThreadServiceTableOffset;
+extern BOOLEAN			BootingUp;
+
+
+BOOLEAN				InitProcessNameEntries();
+VOID				RemoveProcessNameEntries();
+PIMAGE_PID_ENTRY	FindImagePidEntry(ULONG ProcessId, ULONG ParentId);
+BOOLEAN				ProcessInsertImagePidEntry(ULONG ProcessId, PIMAGE_PID_ENTRY NewProcess);
+PIMAGE_PID_ENTRY	CreateNewProcessEntry(ULONG ProcessId, ULONG ParentId, PUNICODE_STRING ProcessName, BOOLEAN NewProcess);
+//PIMAGE_PID_ENTRY	CreateAndLoadNewProcessEntry(ULONG ProcessId, PUNICODE_STRING ProcessName, BOOLEAN NewProcess);
+VOID				EnumerateExistingProcesses();
+PWCHAR				GetCurrentProcessName();
+
+
+#endif	/* __PROCNAME_H__ */
\ No newline at end of file
-- 
cgit v1.3