Revisions
-
swwwolf renamed this gist
Dec 14, 2014 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
swwwolf renamed this gist
Dec 14, 2014 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
swwwolf revised this gist
Dec 14, 2014 . No changes.
-
swwwolf revised this gist
Dec 14, 2014 . 1 changed file with 2 additions and 2 deletions.
@@ -5,7 +5,7 @@ MmLoadSystemImage(IN PUNICODE_STRING ImageFileName, IN ULONG LoadFlags, OUT PVOID *ImageHandle, OUT PVOID *ImageBaseAddress) { // ... if ( PsImageNotifyEnabled ) { IMAGE_INFO ImageInfo; @@ -19,7 +19,7 @@ MmLoadSystemImage(IN PUNICODE_STRING ImageFileName, PsCallImageNotifyRoutines(ImageFileName, (HANDLE)NULL, &ImageInfo); } // ... } PsCallImageNotifyRoutines(IN PUNICODE_STRING FullImageName, -
swwwolf revised this gist
Dec 14, 2014 . 1 changed file with 8 additions and 10 deletions.
@@ -6,7 +6,7 @@ MmLoadSystemImage(IN PUNICODE_STRING ImageFileName, OUT PVOID *ImageHandle, OUT PVOID *ImageBaseAddress) { // … if ( PsImageNotifyEnabled ) { IMAGE_INFO ImageInfo; ImageInfo.Properties = 0; @@ -31,15 +31,13 @@ PsCallImageNotifyRoutines(IN PUNICODE_STRING FullImageName, PAGED_CODE(); if ( PsImageNotifyEnabled ) { for ( i=0; i < PSP_MAX_LOAD_IMAGE_NOTIFY; i++ ) { CallBack = ExReferenceCallBackBlock(&PspLoadImageNotifyRoutine[i]); if ( CallBack != NULL ) { Rtn = (PLOAD_IMAGE_NOTIFY_ROUTINE)ExGetCallBackBlockRoutine(CallBack); Rtn(FullImageName, ProcessId, ImageInfo); ExDereferenceCallBackBlock(&PspLoadImageNotifyRoutine[i], CallBack); } } } -
swwwolf revised this gist
Dec 14, 2014 . 1 changed file with 2 additions and 2 deletions.
@@ -5,7 +5,7 @@ MmLoadSystemImage(IN PUNICODE_STRING ImageFileName, IN ULONG LoadFlags, OUT PVOID *ImageHandle, OUT PVOID *ImageBaseAddress) { // … if (PsImageNotifyEnabled) { IMAGE_INFO ImageInfo; @@ -19,7 +19,7 @@ MmLoadSystemImage(IN PUNICODE_STRING ImageFileName, PsCallImageNotifyRoutines(ImageFileName, (HANDLE)NULL, &ImageInfo); } // … } PsCallImageNotifyRoutines(IN PUNICODE_STRING FullImageName, -
swwwolf created this gist
Dec 14, 2014 .
@@ -0,0 +1,46 @@ NTSTATUS MmLoadSystemImage(IN PUNICODE_STRING ImageFileName, IN PUNICODE_STRING NamePrefix OPTIONAL, IN PUNICODE_STRING LoadedBaseName OPTIONAL, IN ULONG LoadFlags, OUT PVOID *ImageHandle, OUT PVOID *ImageBaseAddress) { … if (PsImageNotifyEnabled) { IMAGE_INFO ImageInfo; ImageInfo.Properties = 0; ImageInfo.ImageAddressingMode = IMAGE_ADDRESSING_MODE_32BIT; ImageInfo.SystemModeImage = TRUE; ImageInfo.ImageSize = DataTableEntry->SizeOfImage; ImageInfo.ImageBase = *ImageBaseAddress; ImageInfo.ImageSelector = 0; ImageInfo.ImageSectionNumber = 0; PsCallImageNotifyRoutines(ImageFileName, (HANDLE)NULL, &ImageInfo); } … } PsCallImageNotifyRoutines(IN PUNICODE_STRING FullImageName, IN HANDLE ProcessId, IN PIMAGE_INFO ImageInfo) { ULONG i; PEX_CALLBACK_ROUTINE_BLOCK CallBack; PLOAD_IMAGE_NOTIFY_ROUTINE Rtn; PAGED_CODE(); if (PsImageNotifyEnabled) { for (i=0; i < PSP_MAX_LOAD_IMAGE_NOTIFY; i++) { CallBack = ExReferenceCallBackBlock (&PspLoadImageNotifyRoutine[i]); if (CallBack != NULL) { Rtn = (PLOAD_IMAGE_NOTIFY_ROUTINE) ExGetCallBackBlockRoutine (CallBack); Rtn (FullImageName, ProcessId, ImageInfo); ExDereferenceCallBackBlock (&PspLoadImageNotifyRoutine[i], CallBack); } } } }
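Review bot: PsCallImageNotifyRoutines is written without a return type, unlike MmLoadSystemImage above it, which is declared `NTSTATUS`; since its body returns nothing, the definition should open with `VOID`. The callback loop also lacks a comment saying that the result of `Rtn (FullImageName, ProcessId, ImageInfo);` is discarded, so a registered routine can observe a load but cannot fail or veto it; something like `// notification only: a callback cannot block the load` would make that explicit for anyone relying on these routines for driver-load monitoring. For system images the call passes `(HANDLE)NULL` as ProcessId with `SystemModeImage = TRUE`, which is worth stating next to the call because consumers have to key on that pair to recognise driver loads. ImageInfo is filled from `DataTableEntry->SizeOfImage` and `*ImageBaseAddress`, which suggests the image is already mapped when the callbacks run, but the body of MmLoadSystemImage is elided with `…` on both sides, so that ordering cannot be confirmed from this listing.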