1.0.3
parent
36cc77873c
commit
48168984b0
|
@ -282,10 +282,10 @@ _FX BOOLEAN Syscall_Init_List(void)
|
|||
// preapre the enabled/disabled lists
|
||||
//
|
||||
|
||||
//LIST enabled_hooks;
|
||||
//LIST disabled_hooks;
|
||||
//Syscall_LoadHookMap(L"EnableNtDllHook", &enabled_hooks);
|
||||
//Syscall_LoadHookMap(L"DisableNtDllHook", &disabled_hooks);
|
||||
LIST enabled_hooks;
|
||||
LIST disabled_hooks;
|
||||
Syscall_LoadHookMap(L"EnableNtDllHook", &enabled_hooks);
|
||||
Syscall_LoadHookMap(L"DisableNtDllHook", &disabled_hooks);
|
||||
|
||||
//
|
||||
// scan each ZwXxx export in NTDLL
|
||||
|
@ -337,12 +337,11 @@ _FX BOOLEAN Syscall_Init_List(void)
|
|||
goto next_zwxxx;
|
||||
}
|
||||
|
||||
//BOOLEAN default_action = TRUE;
|
||||
BOOLEAN install_hook = TRUE;
|
||||
|
||||
// ICD-10607 - McAfee uses it to pass its own data in the stack. The call is not important to us.
|
||||
if ( IS_PROC_NAME(14, "YieldExecution"))
|
||||
goto next_zwxxx;
|
||||
// default_action = FALSE;
|
||||
install_hook = FALSE;
|
||||
|
||||
//
|
||||
// the Google Chrome "wow_helper" process expects NtMapViewOfSection
|
||||
|
@ -352,17 +351,16 @@ _FX BOOLEAN Syscall_Init_List(void)
|
|||
//
|
||||
|
||||
if ( IS_PROC_NAME(16, "MapViewOfSection"))
|
||||
goto next_zwxxx;
|
||||
// default_action = FALSE;
|
||||
install_hook = FALSE;
|
||||
|
||||
//
|
||||
// check our custom map
|
||||
//
|
||||
|
||||
//if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, default_action)) {
|
||||
// //DbgPrint(" NtDll Hook disabled for %s\n", name);
|
||||
// goto next_zwxxx;
|
||||
//}
|
||||
if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, install_hook)) {
|
||||
//DbgPrint(" NtDll Hook disabled for %s\n", name);
|
||||
goto next_zwxxx;
|
||||
}
|
||||
//DbgPrint(" NtDll Hook enabled for %s\n", name);
|
||||
|
||||
//
|
||||
|
@ -451,8 +449,8 @@ next_zwxxx:
|
|||
|
||||
finish:
|
||||
|
||||
//Syscall_FreeHookMap(&enabled_hooks);
|
||||
//Syscall_FreeHookMap(&disabled_hooks);
|
||||
Syscall_FreeHookMap(&enabled_hooks);
|
||||
Syscall_FreeHookMap(&disabled_hooks);
|
||||
|
||||
return success;
|
||||
}
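Review bot: The cleanup at `finish:` now calls `Syscall_FreeHookMap` on `enabled_hooks` and `disabled_hooks` unconditionally, while both are declared without an initialiser partway through `Syscall_Init_List` (assuming the uncommented lines are the new side of this change). The function starts outside the hunks shown, so it is not visible whether any `goto finish` can run before the two `Syscall_LoadHookMap` calls, or whether that helper initialises the list on every path; if either fails, the driver would free from an uninitialised `LIST` in kernel mode. I would declare and explicitly initialise both lists at the top of the function and add `// both maps must be initialised before the first goto finish; finish: frees them unconditionally`. Separately, the `YieldExecution` and `MapViewOfSection` exclusions change from a hard `goto next_zwxxx` to `install_hook = FALSE`, which looks like a default that an `EnableNtDllHook` entry can override; the comments above them should say so, and since both `DbgPrint` lines stay commented out, an override leaves no trace.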
|
||||
|
|
|
@ -148,7 +148,7 @@ _FX BOOLEAN Syscall_Init_List32(void)
|
|||
Syscall_LoadHookMap(L"EnableWin32Hook", &enabled_hooks);
|
||||
Syscall_LoadHookMap(L"DisableWin32Hook", &disabled_hooks);
|
||||
|
||||
//BOOLEAN ignore_hook_blacklist = Conf_Get_Boolean(NULL, L"IgnoreHookBlacklist", 0, FALSE);
|
||||
BOOLEAN ignore_hook_blacklist = Conf_Get_Boolean(NULL, L"IgnoreWin32HookBlacklist", 0, FALSE);
|
||||
|
||||
//
|
||||
// get the syscall table
|
||||
|
@ -237,7 +237,7 @@ _FX BOOLEAN Syscall_Init_List32(void)
|
|||
|
||||
#define IS_PROC_NAME(ln,nm) (name_len == ln && memcmp(name, nm, ln) == 0)
|
||||
|
||||
//if(!ignore_hook_blacklist)
|
||||
if (!ignore_hook_blacklist)
|
||||
if ( IS_PROC_NAME(18, "UserCreateWindowEx")
|
||||
|
||||
|| IS_PROC_NAME( 7, "GdiInit") // bsod
|
||||
|
@ -256,12 +256,12 @@ _FX BOOLEAN Syscall_Init_List32(void)
|
|||
|
||||
//
|
||||
// Chrome and msedge need GdiDdDDI to be hooked in order for
|
||||
// the HW acceleration to work
|
||||
// the HW acceleration to work.
|
||||
//
|
||||
|
||||
BOOLEAN default_action = IS_PROC_PREFIX(8, "GdiDdDDI");
|
||||
BOOLEAN install_hook = IS_PROC_PREFIX(8, "GdiDdDDI");
|
||||
|
||||
if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, default_action)) {
|
||||
if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, install_hook)) {
|
||||
//DbgPrint(" Win32k Hook disabled for %s\n", name);
|
||||
goto next_ntxxx;
|
||||
}
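Review bot: `IgnoreWin32HookBlacklist` switches off the whole exclusion list that follows `if (!ignore_hook_blacklist)`, and at least one entry in it (`GdiInit`) is annotated `// bsod`, yet nothing at the read site says so or records that the setting is active (assuming the uncommented lines are the new side of this change). I would add a comment above the `Conf_Get_Boolean` call such as `// bypasses the Win32k exclusion list below, including entries marked bsod` and emit one log line when the value is TRUE. The new guard is also an unbraced `if` wrapping a multi-line `if` whose controlled statement lies outside the hunk; folding it into the condition as `if (!ignore_hook_blacklist && ( ... ))` or adding braces would avoid a dangling-else misread. The setting is read with a NULL section argument, which presumably makes it global rather than per-sandbox; worth confirming that this scope is intended.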
|
||||
|
|