

/* ****************************************************************** 
	Name:WinHook.c 
	 
	Hooks a system service call in Windows 2000 or later; x86 CPUs only. 
This driver only hides the process that you set. 
		 
	Copyright (C) ndis 2004, All rights reserved. 
****************************************************************** */ 
 
/* Include ntddk standard header with C linkage*/ 
#ifdef __cplusplus 
extern "C" 
{ 
#endif 
 
#include		 
#include		 
 
/* Device type for this driver's device object.  Values at or above 0x8000
 * lie outside the range Microsoft reserves for its own FILE_DEVICE_* codes,
 * so this is a vendor-defined type. */
#define	FILE_DEVICE_WINHOOK    0x00009122 
 
/* Native API process/threads struct */ 
/* Per-thread record that trails each process record returned by
 * ZwQuerySystemInformation for the process-list information class
 * (SystemProcessInformation).  This is an undocumented layout from the
 * 32-bit Windows 2000-era kernel (see the x86-only note in the file
 * header); field order and widths are not guaranteed across kernel
 * versions and do not match 64-bit builds.  The layout is the contract
 * with the kernel, so nothing here may be reordered. */
struct _SYSTEM_THREADS 
{ 
   LARGE_INTEGER    KernelTime; 
   LARGE_INTEGER    UserTime; 
   LARGE_INTEGER    CreateTime; 
   ULONG            WaitTime; 
   PVOID            StartAddress; 
   CLIENT_ID        ClientIs;        /* sic: process/thread id pair (presumably meant "ClientId");
                                        name kept because WinHook.c may reference it */ 
   KPRIORITY        Priority; 
   KPRIORITY        BasePriority; 
   ULONG            ContextSwitchCount; 
   ULONG            ThreadState; 
   KWAIT_REASON     WaitReason; 
}; 
 
/* One process record in the buffer returned by ZwQuerySystemInformation
 * (SystemProcessInformation).  Records are chained by byte offset, not by
 * a fixed stride, because each one is followed by a variable number of
 * struct _SYSTEM_THREADS entries.  Undocumented 32-bit layout: the
 * process-id fields are ULONG here, whereas 64-bit kernels use
 * HANDLE-sized values, so this header is x86-only as the file header
 * states.  Do not reorder fields; the layout is the kernel's, not ours.
 *
 * Detection note: a process removed from this list is still present in
 * the kernel's own process bookkeeping, so cross-view tools that compare
 * this enumeration against other sources will expose the discrepancy. */
struct _SYSTEM_PROCESSES 
{ 
   ULONG            NextEntryDelta;          /* byte offset from this record to the next; by convention 0 on the last record */ 
   ULONG            ThreadCount;             /* number of _SYSTEM_THREADS entries that follow this record */ 
   ULONG            Reserved[6]; 
   LARGE_INTEGER    CreateTime; 
   LARGE_INTEGER    UserTime; 
   LARGE_INTEGER    KernelTime; 
   UNICODE_STRING   ProcessName;             /* image name; Buffer points into the same query buffer */ 
   KPRIORITY        BasePriority; 
   ULONG            ProcessId;               /* ULONG only on 32-bit kernels */ 
   ULONG            InheritedFromProcessId;  /* parent process id, same width caveat */ 
   ULONG            HandleCount; 
   ULONG            Reserved2[2]; 
   VM_COUNTERS      VmCounters; 
   IO_COUNTERS      IoCounters; 
   struct _SYSTEM_THREADS Threads[1];        /* pre-C99 idiom for a trailing variable-length array: ThreadCount entries follow */ 
}; 
 
/* Definition for system call service table */ 
/* Overlay for one entry of the kernel's service descriptor table, which
 * KeServiceDescriptorTable below points at.  The field names are this
 * project's own; the same four slots are commonly documented as
 * ServiceTableBase, ServiceCounterTableBase, NumberOfServices and
 * ParamTableBase, so "LowCall"/"HiCall" here appear to sit over the
 * counter-table pointer and the service count rather than over a
 * call-number range -- verify against the target kernel build before
 * relying on either name.  The two pointer fields make this a 32-bit-only
 * layout. */
typedef struct _SRVTABLE { 
	PVOID				 *ServiceTable;   /* base of the array of service routine addresses (SSDT) */ 
	ULONG           LowCall;         
	ULONG           HiCall; 
	PVOID				 *ArgTable;       /* per-service argument-size table */ 
} SRVTABLE, *PSRVTABLE; 
 
/* Old ZwQuerySystemInformation */ 
/* Function pointer meant to hold the original ZwQuerySystemInformation
 * service entry so the replacement can forward calls to it.
 * NOTE(review): this is a definition, not a declaration (no 'extern'), so
 * every translation unit that includes this header gets its own copy of
 * the variable.  It should be declared 'extern' here and defined exactly
 * once in WinHook.c; left unchanged because the .c file is not visible. */
NTSTATUS	(*RealZwQuerySystemInformation)( 
					IN		ULONG  SystemInformationClass, 
					IN		PVOID  SystemInformation, 
					IN		ULONG  SystemInformationLength,  
					OUT	PULONG ReturnLength 
			);	 
 
/* Native API ZwQuerySystemInformation */ 
/* Declaration of the kernel-exported native routine this driver hooks.
 * SystemInformationClass selects the record type written into
 * SystemInformation (at most SystemInformationLength bytes); ReturnLength,
 * if non-NULL, receives the size written or the size required.  Callers
 * must check the NTSTATUS -- STATUS_INFO_LENGTH_MISMATCH is the normal
 * first result for the process-list class and the buffer is then invalid. */
NTSYSAPI	NTSTATUS  NTAPI ZwQuerySystemInformation( 
					IN  ULONG  SystemInformationClass, 
					IN  PVOID  SystemInformation, 
					IN  ULONG  SystemInformationLength, 
					OUT PULONG ReturnLength 
				); 
 
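/* Install System Call Hook */ 
/* Presumably installs the service-table hook described in the file header
 * (the body lives in WinHook.c).  Empty parentheses in a C prototype mean
 * "unspecified arguments" and disable argument checking at call sites, so
 * both prototypes take an explicit VOID; this is source-compatible with
 * every existing caller. */
VOID	  HookSystemCall(VOID); 
 
/* Uninstall System Call Hook */ 
/* Presumably restores the original service-table entry; see the note on
 * DriverUnload about ordering relative to image unload. */
VOID	  UnhookSystemCall(VOID); 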
 
/* Hook ZwQuerySystemInformation */ 
/* Replacement routine installed in the service table in place of
 * ZwQuerySystemInformation.  It has the same signature as the original so
 * the kernel's system-call dispatcher can call it unchanged; the body in
 * WinHook.c is expected to forward to RealZwQuerySystemInformation and
 * return that call's NTSTATUS on every path it does not handle itself. */
NTSTATUS  HookZwQuerySystemInformation(  
					IN  ULONG  SystemInformationClass,  
					IN  PVOID  SystemInformation,  
					IN  ULONG  SystemInformationLength,  
					OUT PULONG ReturnLength 
		  ); 
 
/* Driver Entry */ 
/* Standard kernel-mode driver entry point, called once at load.
 * DriverObject is the driver's object (dispatch and unload routines are
 * registered on it); RegistryPath is the driver's service registry key.
 * Returns an NTSTATUS; any failure status aborts the load. */
NTSTATUS  DriverEntry( 
					IN	PDRIVER_OBJECT	 DriverObject, 
					IN	PUNICODE_STRING RegistryPath 
		  ); 
 
/* Driver Dispatch */ 
/* IRP dispatch routine for the driver's device object.  Irp carries the
 * request (and any user-supplied buffer, which is untrusted input and must
 * be length-checked before use); the routine must complete the IRP and
 * return the same NTSTATUS it stored in Irp->IoStatus.Status. */
NTSTATUS  DriverDispatch( 
					IN		PDEVICE_OBJECT DeviceObject, 
					IN		PIRP				Irp 
		  ); 
 
/* Unload Driver*/ 
/* Driver unload routine.  It must restore the original service-table entry
 * (UnhookSystemCall) before returning: once the image is unmapped, any
 * system call still dispatched through the hooked slot would jump into
 * freed memory and crash the system. */
VOID	  DriverUnload( 
		         IN PDRIVER_OBJECT	 DriverObject 
		  ); 
 
/* Pointer to the image of the system service table */ 
/* Kernel export resolved at load time; declared here as a PSRVTABLE so the
 * driver can read and patch the SSDT through the SRVTABLE overlay above.
 * The 32-bit kernel exports this symbol; 64-bit kernels do not, and Kernel
 * Patch Protection treats SSDT modification as a fatal integrity violation.
 * Defensive tooling detects this class of hook by checking that every
 * service-table entry still points inside the ntoskrnl image. */
extern PSRVTABLE KeServiceDescriptorTable; 
 
#ifdef __cplusplus 
} 
#endif