

C++ PsGetCurrentProcessId函数代码示例

本文整理汇总了C++中PsGetCurrentProcessId函数的典型用法代码示例。如果您正苦于以下问题:C++ PsGetCurrentProcessId函数的具体用法?C++ PsGetCurrentProcessId怎么用?C++ PsGetCurrentProcessId使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了PsGetCurrentProcessId函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: AFSProcessNotify

//
// Keeps the driver's process tree in step with process creation and teardown.
//
//   ParentId  - Id reported as the parent of the process.
//   ProcessId - Id of the process being created or removed.
//   Create    - TRUE for a create notification, FALSE for teardown.
//
// NOTE(review): on create, the ids of the *current* process and thread are
// forwarded in addition to ParentId. Presumably they identify the actual
// creator, which need not be the process named by ParentId - confirm against
// AFSProcessCreate before relying on either value for attribution.
//
void
AFSProcessNotify( IN HANDLE  ParentId,
                  IN HANDLE  ProcessId,
                  IN BOOLEAN  Create)
{

    //
    // Teardown: drop the entry for this process and stop.
    //

    if( !Create)
    {

        AFSProcessDestroy( ProcessId);

        return;
    }

    //
    // Creation: add the new process together with the ids of the process and
    // thread that are current while the notification runs.
    //

    AFSProcessCreate( ParentId,
                      ProcessId,
                      PsGetCurrentProcessId(),
                      PsGetCurrentThreadId());
}
开发者ID:bagdxk,项目名称:openafs,代码行数:27,代码来源:AFSProcessSupport.cpp

示例2: SpyLogPreOperationData

VOID
SpyLogPreOperationData (
    _Inout_ PRECORD_LIST RecordList
    )
/*++

Routine Description:

    Fills in the per-operation fields of a log record: clears the flags,
    stores the id of the process that is current when the routine runs,
    and stamps the current system time as the originating time.

    NOTE:  This code must be NON-PAGED because it can be called on the
           paging path.

    NOTE(review): the recorded process id is only the requestor's id if
           this runs in the context of the originating thread - confirm
           at the call site before using it for attribution.

Arguments:

    RecordList - Record whose LogRecord.Data is filled in. It is
                 dereferenced without a NULL check.

Return Value:

    None.

--*/
{
    RecordList->LogRecord.Data.Flags     = 0L;
    RecordList->LogRecord.Data.ProcessId = (FILE_ID)PsGetCurrentProcessId();

    KeQuerySystemTime( &RecordList->LogRecord.Data.OriginatingTime );
}
开发者ID:CenterDevice,项目名称:MiniFSWatcher,代码行数:35,代码来源:mspyLib.c

示例3: NewZwCreateSymbolicLinkObject

/*
 * Replacement for ZwCreateSymbolicLinkObject. While restriction is enabled it
 * refuses requests whose target name equals \Device\PhysicalMemory (compared
 * case-insensitively) and forwards everything else to the saved original.
 *
 * Returns STATUS_ACCESS_DENIED for a refused request, otherwise whatever the
 * original routine returns.
 *
 * NOTE(review): ObjectName->Buffer is handed to _wcsicmp and debugOutput as
 * if it were NUL-terminated. A UNICODE_STRING is described by Length only, so
 * a length-bounded comparison would be the safer form.
 * NOTE(review): the pointers are dereferenced as received. If callers can be
 * user mode, ObjectName should be probed and captured before inspection;
 * otherwise the name can change between this check and the forwarded call -
 * confirm how this routine is reached.
 * NOTE(review): a single exact-name rule is a narrow control and should not
 * be the only protection for the physical-memory section.
 */
NTSTATUS NewZwCreateSymbolicLinkObject(PHANDLE SymLinkHandle,
                                       ACCESS_MASK DesiredAccess,
                                       POBJECT_ATTRIBUTES ObjectAttributes,
                                       PUNICODE_STRING ObjectName
                                       ) {
  /* Only look at the name when restriction is on and a non-empty name exists. */
  if (restrictEnabled() &&
      ObjectName && ObjectName->Buffer && ObjectName->Length>0) {
#ifdef DEBUG
    debugOutput(L"Incoming link to: ");
    debugOutput(ObjectName->Buffer);
    debugOutput(L"\n");
#endif
    if (_wcsicmp(ObjectName->Buffer, L"\\Device\\PhysicalMemory")==0) {
      WCHAR denyMsg[200];

      /* NOTE(review): %x receives a HANDLE; on 64-bit builds the value would
         not be printed in full. */
      swprintf(denyMsg, L"Blocking device/PhysicalMemory access, procid=0x%x\n",
               PsGetCurrentProcessId());
      debugOutput(denyMsg);
      return STATUS_ACCESS_DENIED;
    }
  }

  /* Not refused: hand the request to the original service unchanged. */
  return (OldZwCreateSymbolicLinkObject)(SymLinkHandle, DesiredAccess, ObjectAttributes, ObjectName);
}
开发者ID:Artorios,项目名称:rootkit.com,代码行数:26,代码来源:h_mem.c

示例4: NDISLWF_ReceiveNetBufferListsHandler

// Receive handler of the lightweight filter: asks ProcessNblChain() for a
// verdict on the incoming chain and either passes the chain up the stack or
// hands it back to the layer below.
//
//   FilterModuleContext    - the filter's own context (PNDISLWF_CONTEXT).
//   NetBufferLists         - chain of received NBLs.
//   PortNumber, NumberOfNetBufferLists, ReceiveFlags - forwarded unchanged
//                            when the chain is indicated upwards.
//
// NOTE(review): the verdict applies to the whole chain; one match drops every
// NBL that arrived with it - confirm that is intended.
// NOTE(review): the blocked path always calls NdisFReturnNetBufferLists().
// NDIS documents that a chain indicated with the "resources" receive flag
// stays owned by the caller and must not be returned; this handler does not
// test for that flag - verify.
VOID
NDISLWF_ReceiveNetBufferListsHandler (
    NDIS_HANDLE         FilterModuleContext,
    PNET_BUFFER_LIST    NetBufferLists,
    NDIS_PORT_NUMBER    PortNumber,
    ULONG               NumberOfNetBufferLists,
    ULONG               ReceiveFlags )
{
    PNDISLWF_CONTEXT Ctx = (PNDISLWF_CONTEXT)FilterModuleContext;

    if ( ! ProcessNblChain ( NetBufferLists ) ) {
        // Allowed: indicate the chain to the driver above, flags untouched.
        NdisFIndicateReceiveNetBufferLists(Ctx->FilterHandle, NetBufferLists, PortNumber, NumberOfNetBufferLists, ReceiveFlags);
        return;
    }

    // Rejected: log who was running, then give the chain back instead of
    // indicating it.
    DPF(("%s!%s [%x.%x] NBL=%p BLOCKED\n", __MODULE__, __FUNCTION__,
        PsGetCurrentProcessId(), PsGetCurrentThreadId(), NetBufferLists ));

    // Only the dispatch-level bit of ReceiveFlags is carried over as the
    // return flags.
    // NOTE(review): this relies on the receive and return dispatch-level
    // flags having the same numeric value - confirm against the NDIS headers.
    NdisFReturnNetBufferLists(Ctx->FilterHandle, NetBufferLists, ReceiveFlags & NDIS_RECEIVE_FLAGS_DISPATCH_LEVEL);
} // NDISLWF_ReceiveNetBufferListsHandler()
开发者ID:EternalKeel,项目名称:CodeMachineCourse,代码行数:26,代码来源:NdisLwf.c

示例5: LoadImageNotify

/*
kd> kb
ChildEBP RetAddr  Args to Child              
f8afdaa8 805c62ae f8afdcf0 00000000 f8afdb44 DrvHide!LoadImageNotify+0x10
f8afdac8 805a4159 f8afdcf0 00000000 f8afdb44 nt!PsCallImageNotifyRoutines+0x36
f8afdc6c 80576483 f8afdcf0 00000000 00000000 nt!MmLoadSystemImage+0x9e5
f8afdd4c 8057688f 80000378 00000001 00000000 nt!IopLoadDriver+0x371
f8afdd74 80534c02 80000378 00000000 823c63c8 nt!IopLoadUnloadDriver+0x45
f8afddac 805c6160 b286ecf4 00000000 00000000 nt!ExpWorkerThread+0x100
f8afdddc 80541dd2 80534b02 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
*/
// Image-load callback of the proof-of-concept driver.
//
// Every invocation is serialized by m_GlobalMutex. The routine only acts on
// system-mode images (ProcessId == 0 and ImageInfo->SystemModeImage) whose
// name is accepted by IsKnownDriver(), and only until a free area has been
// recorded once (m_bFreeAreaFound). For such an image it records the free
// area reported by CheckForFreeArea() and then calls HookImageEntry() on the
// image base.
//
// Defensive reading: this is the point where another driver's image is
// altered while it loads. Integrity checks that compare a loaded driver's
// entry point and discardable sections with the on-disk image are aimed at
// exactly this kind of change.
//
// NOTE(review): FullImageName and ImageInfo are used without NULL checks.
// NOTE(review): the first %d in the trace receives a HANDLE; it would not be
// printed in full on 64-bit builds.
VOID LoadImageNotify(
   PUNICODE_STRING FullImageName,
   HANDLE ProcessId, // where image is mapped
   PIMAGE_INFO ImageInfo)
{
    KeWaitForMutexObject(&m_GlobalMutex, Executive, KernelMode, FALSE, NULL);

    // kernel-mode image?
    if (ProcessId == 0 && ImageInfo->SystemModeImage)
    {
        // still searching, and the image is one of the expected drivers?
        if (!m_bFreeAreaFound && IsKnownDriver(FullImageName))
        {
            PVOID Base = ImageInfo->ImageBase;
            ULONG Size = ImageInfo->ImageSize;

            DbgMsg(
                __FILE__, __LINE__, "%d '%wZ' is at "IFMT", size: %d\n",
                PsGetCurrentProcessId(), FullImageName, Base, Size
            );

            // remember whether the image's discardable sections hold a free area
            m_bFreeAreaFound = CheckForFreeArea(Base, &m_FreeAreaRVA, &m_FreeAreaLength);

            if (m_bFreeAreaFound)
            {
                m_FreeAreaVA = RVATOVA(Base, m_FreeAreaRVA);

                DbgMsg(__FILE__, __LINE__, "Free area found!\n");

                // redirect the image entry point (helper not shown here)
                HookImageEntry(Base);
            }
        }
    }

    KeReleaseMutex(&m_GlobalMutex, FALSE);
}
开发者ID:Cr4sh,项目名称:DrvHide-PoC,代码行数:45,代码来源:driver.cpp

示例6: MyMapViewOfSection

/**
*   Hook routine for section mapping; filters which modules get mapped.
*
*   When the calling process is protected (IsProcessProtected) and the target
*   handle is the current-process pseudo handle, the request is routed through
*   BkMapViewOfSection; every other request goes to NtMapViewOfSection with
*   the arguments unchanged. g_HookCounter is raised for the duration of the
*   call.
*
*   NOTE(review): "(LONG)ProcessHandle == 0xFFFFFFFF" and the DWORD cast of
*   the process id truncate on 64-bit builds; comparing at full pointer width
*   would be more robust.
*   NOTE(review): only mappings a protected process makes into itself through
*   the pseudo handle are filtered. Mappings requested through a real handle
*   to the protected process take the unfiltered path - confirm this is
*   covered elsewhere.
*   NOTE(review): g_HookCounter presumably lets the unload path wait for calls
*   in flight - confirm.
*/
NTSTATUS NTAPI MyMapViewOfSection(IN HANDLE SectionHandle,
								  IN HANDLE ProcessHandle,
								  IN OUT PVOID *BaseAddress,
								  IN ULONG ZeroBits,
								  IN ULONG CommitSize,
								  IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
								  IN OUT PULONG ViewSize,
								  IN SECTION_INHERIT InheritDisposition,
								  IN ULONG AllocationType,
								  IN ULONG Protect)
{
	NTSTATUS status;

	InterlockedIncrement(&g_HookCounter);

	if (!IsProcessProtected((DWORD)PsGetCurrentProcessId()) || (LONG)ProcessHandle != 0xFFFFFFFF)
	{
		// Not a protected process mapping into itself: pass straight through.
		status = NtMapViewOfSection(SectionHandle, ProcessHandle, BaseAddress,
			ZeroBits, CommitSize, SectionOffset, ViewSize, InheritDisposition,
			AllocationType, Protect);
	}
	else
	{
		// Protected process mapping into itself: use the filtering variant.
		status = BkMapViewOfSection(SectionHandle, ProcessHandle, BaseAddress,
			ZeroBits, CommitSize, SectionOffset, ViewSize, InheritDisposition,
			AllocationType, Protect);
	}

	InterlockedDecrement(&g_HookCounter);

	return status;
}
开发者ID:Williamzuckerberg,项目名称:chtmoneyhub,代码行数:33,代码来源:MapViewOfSection.cpp

示例7: TsmiPsImageHandler

/*
* TsmiPsImageHandler
*
* Purpose:
*
* Image-load notify routine. Ignores loads that are not reported for the
* current process, takes the file-name part of FullImageName (the text after
* the last backslash) and, when it starts with DDname, applies g_VBoxDD to the
* loaded image through TsmiPatchImage.
*
* NOTE(review): the match is a prefix match of wcslen(DDname) characters, so
* any file whose name merely begins with DDname is patched too.
* NOTE(review): _wcsnicmp may read up to wcslen(DDname) characters starting
* at the file-name part. FullImageName is bounded by Length only, so a
* shorter, unterminated name (or a path ending in a backslash) could be read
* past its end - compare against the remaining length first.
* NOTE(review): the decision rests on the file name alone; nothing here
* checks what the image actually is.
*
*/
VOID TsmiPsImageHandler(
    _In_ PUNICODE_STRING FullImageName,
    _In_ HANDLE ProcessId,
    _In_ PIMAGE_INFO ImageInfo
)
{
    ULONG  pos, cch, nameStart = 0;

    PAGED_CODE();

    if (FullImageName == NULL)
        return;

    if (ImageInfo == NULL)
        return;

    /* Only handle images reported for the process we are running in. */
    if (PsGetCurrentProcessId() != ProcessId)
        return;

    if ((FullImageName->Buffer == NULL) || (FullImageName->Length == 0))
        return;

    /* Walk back from the end to the character after the last backslash;
       nameStart stays 0 when the path has none. */
    cch = (ULONG)(FullImageName->Length / sizeof(WCHAR));
    for (pos = cch; pos != 0; pos--) {
        if (FullImageName->Buffer[pos - 1] == '\\') {
            nameStart = pos;
            break;
        }
    }

    //
    // Patch VBoxDD image.
    //
    if (_wcsnicmp(&FullImageName->Buffer[nameStart], DDname, wcslen(DDname)) == 0) {
        if (NT_SUCCESS(TsmiPatchImage(&g_VBoxDD, ImageInfo))) {
#ifdef _DEBUGMSG
            DbgPrint("[TSMI]  DD patched\n");
#endif
        }
    }
}
开发者ID:CM44,项目名称:VBoxHardenedLoader,代码行数:39,代码来源:main.c

示例8: isProtectProcess

// Decides whether access to process id uPPid should be refused.
//
// Returns true when uPPid falls in the same 4-aligned id group as one of the
// protected ids obtained from getPPidNum() AND the caller is not that process
// itself; returns false otherwise (including when getPPidNum() fails).
//
// Ids are compared with the low two bits ignored - presumably because ids
// that differ only in those bits resolve to the same process, so a caller
// cannot sidestep the check with id+1..id+3 (confirm).
//
// NOTE(review): iNum is handed to getPPidNum() and then bounds the loop. If
// the callee can raise it above the 6 slots of uiPPid, the loop reads past
// the array - clamp it to the array size.
// NOTE(review): the search stops at the first matching entry, and the process
// id is narrowed to UINT32 from a HANDLE.
bool isProtectProcess(UINT32 uPPid)
{
	UINT32 uiPPid[6] = {0};
	int iNum = 2;

	if( !getPPidNum(uiPPid, sizeof(uiPPid)/sizeof(UINT32), iNum) )
		return false;

	for(int i=0; i<iNum; i++)
	{
		// protected id rounded down to a multiple of four
		const UINT32 seek=(uiPPid[i])&0xfffffffffffffffc;

		// uPPid is one of seek .. seek+3 exactly when its own rounded value
		// equals seek
		if( ((UINT32)(uPPid) & 0xfffffffc) != seek )
			continue;

		// first match decides: a process is allowed to reach itself
		if( (UINT32)PsGetCurrentProcessId() == uPPid)
			return false;

		kdP( ("protect the pid is: %d\n",uiPPid[i]) );
		return true;
	}

	return false;
}
开发者ID:chenhunhun,项目名称:chtmoneyhub,代码行数:29,代码来源:FilterClass.cpp

示例9: IsProcessIntercepted

BOOL IsProcessIntercepted(
	HOOK_ACL* LocalACL, 
	ULONG InProcessID)
#endif
{
/*
Description:

    Decides whether a hook applies to the given id by combining the global
    ACL (Unit.GlobalACL) with the hook's local ACL.

    This excerpt starts inside a conditional: the "#endif" above closes an
    "#if" that is not shown, and the non-DRIVER branch below uses InThreadID,
    which belongs to the signature variant that is not shown either. In a
    DRIVER build the id is a process id; otherwise it is a thread id.

    Please refer to LhIsThreadIntercepted() for more information.

Parameters:

    LocalACL    - ACL of the individual hook. It is dereferenced without a
                  NULL check.
    InProcessID - Id to test; 0 selects the calling process.

Returns:

    TRUE if the id is intercepted by the global AND local ACL, FALSE
    otherwise. An ACL intercepts the id when "id is listed" differs from
    "ACL is exclusive": an exclusive ACL intercepts everything it does not
    list, a non-exclusive ACL only what it lists.
*/
	ULONG				CheckID;

#ifndef DRIVER
	if(InThreadID == 0)
		CheckID = GetCurrentThreadId();
	else
		CheckID = InThreadID;
#else
	/* 0 means "whoever is calling": substitute the current process id. */
	if(InProcessID == 0)
		CheckID = (ULONG)PsGetCurrentProcessId();
	else
		CheckID = InProcessID;
#endif

	if(ACLContains(&Unit.GlobalACL, CheckID))
	{
		/* Local veto: listed in an exclusive ACL, or missing from an
		   inclusive one. */
		if(ACLContains(LocalACL, CheckID))
		{
			if(LocalACL->IsExclusive)
				return FALSE;
		}
		else
		{
			if(!LocalACL->IsExclusive)
				return FALSE;
		}

		/* Listed globally: intercepted unless the global ACL is exclusive. */
		return !Unit.GlobalACL.IsExclusive;
	}
	else
	{
		/* Same local veto as above. */
		if(ACLContains(LocalACL, CheckID))
		{
			if(LocalACL->IsExclusive)
				return FALSE;
		}
		else
		{
			if(!LocalACL->IsExclusive)
				return FALSE;
		}

		/* Not listed globally: intercepted only if the global ACL is
		   exclusive. */
		return Unit.GlobalACL.IsExclusive;
	}
}
开发者ID:marchon,项目名称:pokerbridge,代码行数:60,代码来源:barrier.c

示例10: vboxMpCrCtlConSetPID

/**
 * Reports the id of the current process for the given client through a
 * SHCRGL_GUEST_FN_SET_PID call.
 *
 * @param pCrCtlCon    Connection whose hCrCtl handle carries the call.
 * @param u32ClientID  Client id placed in the request header.
 * @return VINF_SUCCESS, the failure code of vboxCrCtlConCall, or the failure
 *         code left in the request header.
 *
 * NOTE(review): parms lives on the stack and only the fields below are set.
 * Any other member or padding is sent as-is with sizeof(parms) bytes -
 * zeroing the structure first would avoid passing stale stack contents.
 * NOTE(review): the id is whatever process is current in this call; confirm
 * the caller runs in the context of the client it is registering.
 */
static int vboxMpCrCtlConSetPID(PVBOXMP_CRCTLCON pCrCtlCon, uint32_t u32ClientID)
{
    CRVBOXHGCMSETPID parms;
    int rc;

    /* single parameter: the 64-bit process id */
    parms.u64PID.type      = VMMDevHGCMParmType_64bit;
    parms.u64PID.u.value64 = (uint64_t)PsGetCurrentProcessId();

    /* request header; result starts out as a failure code */
    parms.hdr.u32ClientID = u32ClientID;
    parms.hdr.u32Function = SHCRGL_GUEST_FN_SET_PID;
    parms.hdr.cParms      = SHCRGL_CPARMS_SET_PID;
    parms.hdr.result      = VERR_WRONG_ORDER;

    Assert(parms.u64PID.u.value64);

    rc = vboxCrCtlConCall(pCrCtlCon->hCrCtl, &parms.hdr, sizeof (parms));
    if (!RT_FAILURE(rc))
    {
        /* the call went through; the outcome is in the header */
        if (!RT_FAILURE(parms.hdr.result))
            return VINF_SUCCESS;

        WARN(("set PID failed, rc (%d)", parms.hdr.result));
        return parms.hdr.result;
    }

    WARN(("vboxCrCtlConCall failed, rc (%d)", rc));
    return rc;
}
开发者ID:virendramishra,项目名称:VirtualBox4.1.18,代码行数:29,代码来源:VBoxMPCr.cpp

示例11: ShareLockKImp::Unlock

// Releases the lock according to its type.
//
//   mutex / event / semaphore - returns the value of the matching kernel
//                               release or set call.
//   named spinlock            - when a header exists, clears m_LockProcId if
//                               it holds the current process id and returns
//                               STATUS_SUCCESS.
//   anything else             - returns FALSE.
//
// NOTE(review): the return value is not a uniform success flag. The kernel
// calls return the object's previous state, and STATUS_SUCCESS is 0, so the
// named-spinlock path reads as FALSE to a caller that tests the BOOL.
// NOTE(review): the named-spinlock path does not look at the result of the
// compare-exchange, so it reports the same value whether or not this process
// held the lock.
// NOTE(review): ownership is keyed on the process id, narrowed to LONG; any
// thread of the owning process can release the lock.
BOOL 
ShareLockKImp::Unlock() {

	if (m_LockType == LockTypeMutex) {
		return KeReleaseMutex(&m_LockObject.m_Mutex.m_Mutex,
			FALSE);
	}

	if (m_LockType == LockTypeEvent) {
		return KeSetEvent(&m_LockObject.m_Event.m_Event,
			IO_NO_INCREMENT,
			FALSE);
	}

	if (m_LockType == LockTypeSemaphore) {
		return KeReleaseSemaphore(&m_LockObject.m_Semaphore.m_Semaphore,
			IO_NO_INCREMENT,
			1,
			FALSE);
	}

	if (m_LockType == LockTypeNamedSpinlock &&
		m_LockObject.m_NamedSpinlock.m_lpHeader) {
		// Clear the owner field only if it currently holds our process id.
		InterlockedCompareExchange(&m_LockObject.m_NamedSpinlock.m_lpHeader->m_LockProcId,
			0,
			(LONG)PsGetCurrentProcessId());
		return STATUS_SUCCESS;
	}

	// LockTypeSpinlock, a named spinlock without header, or an unknown type.
	return FALSE;
}
开发者ID:PaulJing,项目名称:Sora,代码行数:35,代码来源:_share_lock_kimp.cpp

示例12: NtUserLockWindowStation

/*
 * Marks a window station as locked (sets WSS_LOCKED in its Flags).
 *
 * Only the process whose id equals gpidLogon may do this; any other caller
 * gets ERROR_ACCESS_DENIED as last error and FALSE. A handle that fails
 * IntValidateWindowStationHandle also yields FALSE, with the NTSTATUS stored
 * as last error.
 *
 * Returns TRUE once the flag is set.
 *
 * NOTE(review): the caller check runs before the handle is looked at, so an
 * unauthorized caller learns nothing about the handle.
 * NOTE(review): "Flags |= WSS_LOCKED" is a plain read-modify-write; confirm
 * that callers serialize access to the window station object.
 */
BOOL APIENTRY
NtUserLockWindowStation(HWINSTA hWindowStation)
{
    PWINSTATION_OBJECT WinSta;
    NTSTATUS Status;

    TRACE("About to set process window station with handle (%p)\n",
          hWindowStation);

    if (gpidLogon == PsGetCurrentProcessId())
    {
        Status = IntValidateWindowStationHandle(hWindowStation,
                                                UserMode,
                                                0,
                                                &WinSta,
                                                0);
        if (NT_SUCCESS(Status))
        {
            WinSta->Flags |= WSS_LOCKED;

            /* drop the reference taken by the validation call */
            ObDereferenceObject(WinSta);
            return TRUE;
        }

        TRACE("Validation of window station handle (%p) failed\n",
              hWindowStation);
        SetLastNtError(Status);
        return FALSE;
    }

    /* caller is not the logon process */
    ERR("Unauthorized process attempted to lock the window station!\n");
    EngSetLastError(ERROR_ACCESS_DENIED);
    return FALSE;
}
开发者ID:reactos,项目名称:reactos,代码行数:34,代码来源:winsta.c

示例13: IoCompletionRoutine

/*
 * Completion routine for an IRP that this driver built itself: copies the
 * final status to the requestor's status block, signals the requestor's
 * event if there is one, releases the MDL and the IRP, and tells the I/O
 * manager to stop processing the (now freed) IRP.
 *
 * DeviceObject and Context are unused.
 *
 * NOTE(review): PAGED_CODE() asserts a low IRQL, but completion routines can
 * be invoked at DISPATCH_LEVEL - confirm this routine is never completed at
 * raised IRQL, or drop the pageable assumption.
 * NOTE(review): Irp->UserIosb is written without a NULL check.
 * NOTE(review): only Irp->MdlAddress itself is freed; if the pages were
 * locked, or further MDLs are chained, they need unlocking/freeing first.
 * NOTE(review): the ids in the trace are those of whichever thread completes
 * the IRP, not necessarily the requestor; %d is given HANDLE values.
 */
NTSTATUS
	IoCompletionRoutine(
	IN PDEVICE_OBJECT  DeviceObject,
	IN PIRP  Irp,
	IN PVOID  Context
	)
{
	UNREFERENCED_PARAMETER(DeviceObject);
	UNREFERENCED_PARAMETER(Context);

	PAGED_CODE();

	KdPrint(("SYS(%d:%d):IoCompletionRoutine!\n", PsGetCurrentProcessId(), PsGetCurrentThreadId()));

	/* publish the result before waking anyone who waits for it */
	*Irp->UserIosb = Irp->IoStatus;

	if (Irp->UserEvent != NULL)
	{
		KeSetEvent(Irp->UserEvent, IO_NO_INCREMENT, 0);
	}

	if (Irp->MdlAddress != NULL)
	{
		IoFreeMdl(Irp->MdlAddress);
		Irp->MdlAddress = NULL;
	}

	IoFreeIrp(Irp);

	/* the IRP is gone; the I/O manager must not touch it again */
	return STATUS_MORE_PROCESSING_REQUIRED;
}
开发者ID:lcxl,项目名称:lcxl-shadow,代码行数:28,代码来源:winkernel.c

示例14: Filter

/*
 * Records one system-service call made by the monitored process (g_nPid).
 *
 * For a call from that process a record is taken from the non-paged
 * lookaside list, filled with the service id, up to 16 argument words read
 * from StackAddr, the caller's pid/tid, a time stamp and two origin flags,
 * then queued on g_linkListHead and announced through g_keySemaphore. Calls
 * from any other process, or a failed allocation, are ignored.
 *
 * NOTE(review): the argument words are read straight from StackAddr with no
 * probing or exception handling. When the address is a user-mode one (the
 * bFromUser case) an invalid or changing pointer is read in kernel context -
 * the copy should be guarded.
 * NOTE(review): the limit of 16 presumably matches the size of pData->args -
 * confirm against the structure definition.
 * NOTE(review): ULONG casts of ids and addresses assume a 32-bit build.
 */
VOID __stdcall Filter(ULONG ServiceId, ULONG TableBase, ULONG Argc, ULONG StackAddr) {
	ULONG pid = (ULONG)PsGetCurrentProcessId();
	ULONG idx;
	PXBoxData pRec;

	/* only the monitored process is traced */
	if (pid != g_nPid)
		return;

	pRec = (PXBoxData)ExAllocateFromNPagedLookasideList(&g_nPageList);
	if (!pRec)
		return;

	/* where did the call come from? */
	pRec->bFromUser = (StackAddr < MmUserProbeAddress) ? 1 : 0;
	pRec->bFromSSDT = (TableBase == (ULONG)KeServiceDescriptorTable.ServiceTableBase) ? 1 : 0;

	/* copy at most 16 argument words */
	if (Argc > 16)
		Argc = 16;
	pRec->argc = (UCHAR)Argc;
	for (idx = 0; idx < Argc; ++idx)
		pRec->args[idx] = ((PULONG)StackAddr)[idx];

	pRec->pid = (ULONG)pid;
	pRec->tid = (ULONG)PsGetCurrentThreadId();
	pRec->sid = ServiceId;
	KeQuerySystemTime(&pRec->time);

	/* queue the record, then wake the consumer */
	ExInterlockedInsertTailList(&g_linkListHead, &pRec->ListEntry, &g_lock);
	KeReleaseSemaphore( &g_keySemaphore, 0, 1, FALSE );
}
开发者ID:340211173,项目名称:hf-2011,代码行数:32,代码来源:XBox.c

示例15: WmipWaitForCollectionEnabled

//
// Blocks the caller until the collection enable/disable that is in progress
// for GuidEntry has finished.
//
// The routine leaves the SM critical section before waiting and enters it
// again before returning, so it presumably expects the caller to hold that
// section on entry (confirm at the call sites). The wait itself is kernel
// mode, non-alertable and has no timeout.
//
//   GuidEntry - entry with GE_FLAG_COLLECTION_IN_PROGRESS set (asserted).
//
void WmipWaitForCollectionEnabled(
    PBGUIDENTRY GuidEntry
    )
{
    PAGED_CODE();

    WmipAssert((GuidEntry->Flags & GE_FLAG_COLLECTION_IN_PROGRESS) ==
                   GE_FLAG_COLLECTION_IN_PROGRESS);

    //
    // A collection enable/disable is under way, so returning now would be
    // premature. A disable request may be in flight that has not yet noticed
    // it must follow up with the enable request this thread's caller needs;
    // without waiting, the caller could believe collection is enabled when
    // it is not yet.
    //
    // The first waiter sets up the notification event and marks the entry so
    // later waiters reuse it.
    //
    if (!(GuidEntry->Flags & GE_FLAG_WAIT_ENABLED))
    {
        KeInitializeEvent(GuidEntry->CollectInProgress,
                          NotificationEvent,
                          FALSE);
        GuidEntry->Flags |= GE_FLAG_WAIT_ENABLED;

        WmipDebugPrintEx((DPFLTR_WMICORE_ID, DPFLTR_INFO_LEVEL,
                          "WMI: %p.%p for %p %x created event\n",
                          PsGetCurrentProcessId(), PsGetCurrentThreadId(),
                          GuidEntry,
                          GuidEntry->Flags));
    }

    //
    // Give up the critical section for the duration of the wait.
    //
    WmipLeaveSMCritSection();

    WmipDebugPrintEx((DPFLTR_WMICORE_ID, DPFLTR_INFO_LEVEL,
                      "WMI: %p.%p waiting for %p %x on event\n",
                      PsGetCurrentProcessId(), PsGetCurrentThreadId(),
                      GuidEntry,
                      GuidEntry->Flags));

    KeWaitForSingleObject(GuidEntry->CollectInProgress,
                          Executive,
                          KernelMode,
                          FALSE,
                          NULL);

    WmipDebugPrintEx((DPFLTR_WMICORE_ID, DPFLTR_INFO_LEVEL,
                      "WMI: %p.%p done %p %x waiting on event\n",
                      PsGetCurrentProcessId(), PsGetCurrentThreadId(),
                      GuidEntry,
                      GuidEntry->Flags));

    //
    // Take the critical section back before returning to the caller.
    //
    WmipEnterSMCritSection();

}
开发者ID:AlexiaChen,项目名称:wrk_study,代码行数:47,代码来源:enabdisa.c


注:本文中的PsGetCurrentProcessId函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。