Created
February 24, 2020 06:36
-
-
Save hfiref0x/5734347a98f51de0e8080a273f9b8bca to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __int64 __fastcall DrvDispatch(PDEVICE_OBJECT DeviceObject, _IRP *Irp) | |
| { | |
| _IO_STACK_LOCATION *StackLocation; | |
| _IRP *_Irp; | |
| __int64 Id; | |
| StackLocation = Irp->Tail.Overlay.CurrentStackLocation; | |
| _Irp = Irp; | |
| switch ( StackLocation->Parameters.DeviceIoControl.IoControlCode ) | |
| { | |
| case 0x220007u: | |
| EnableObFilter = 0; | |
| break; | |
| case 0x220015u: | |
| EnableObFilter = 1; | |
| break; | |
| case 0x220019u: | |
| Id = Irp->AssociatedIrp.SystemBuffer; | |
| if ( *Id < 0x42u && *Id != 0x3C ) | |
| g_PidList[*Id] = PsGetCurrentProcessId(); | |
| break; | |
| } | |
| _Irp->IoStatus.Status = 0; | |
| IofCompleteRequest(_Irp, 0); | |
| return 0i64; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment