Process Hacker
main.c File Reference
#include <kph.h>
#include <dyndata.h>

Go to the source code of this file.


 __drv_dispatchType (IRP_MJ_CREATE)
VOID DriverUnload (__in PDRIVER_OBJECT DriverObject)
NTSTATUS KphDispatchCreate (__in PDEVICE_OBJECT DeviceObject, __in PIRP Irp)
ULONG KphpReadIntegerParameter (__in_opt HANDLE KeyHandle, __in PUNICODE_STRING ValueName, __in ULONG DefaultValue)
 Reads an integer (REG_DWORD) parameter from the registry.
NTSTATUS KphpReadDriverParameters (__in PUNICODE_STRING RegistryPath)
 Reads the driver parameters.
NTSTATUS KpiGetFeatures (__out PULONG Features, __in KPROCESSOR_MODE AccessMode)
NTSTATUS KphEnumerateSystemModules (__out PRTL_PROCESS_MODULES *Modules)
 Enumerates the modules loaded by the kernel.
NTSTATUS KphValidateAddressForSystemModules (__in PVOID Address, __in SIZE_T Length)
 Checks if an address range lies within a kernel module.



Function Documentation

__drv_dispatchType ( IRP_MJ_CREATE  )

Definition at line 27 of file main.c.

VOID DriverUnload ( __in PDRIVER_OBJECT  DriverObject)

Definition at line 105 of file main.c.

NTSTATUS KphDispatchCreate ( __in PDEVICE_OBJECT  DeviceObject,
__in PIRP  Irp 

Definition at line 116 of file main.c.

NTSTATUS KphEnumerateSystemModules ( __out PRTL_PROCESS_MODULES Modules)

Enumerates the modules loaded by the kernel.

ModulesA variable which receives a pointer to a structure containing information about the kernel modules. The structure must be freed with the tag 'ThpK'.

Definition at line 317 of file main.c.

NTSTATUS KphpReadDriverParameters ( __in PUNICODE_STRING  RegistryPath)

Reads the driver parameters.

RegistryPathThe registry path of the driver.

Definition at line 217 of file main.c.

ULONG KphpReadIntegerParameter ( __in_opt HANDLE  KeyHandle,
__in PUNICODE_STRING  ValueName,
__in ULONG  DefaultValue 

Reads an integer (REG_DWORD) parameter from the registry.

KeyHandleA handle to the Parameters key. If NULL, the function fails immediately and returns DefaultValue.
ValueNameThe name of the parameter.
DefaultValueThe value that is returned if the function fails to retrieve the parameter from the registry.
The parameter value, or DefaultValue if the function failed.

Definition at line 173 of file main.c.

NTSTATUS KphValidateAddressForSystemModules ( __in PVOID  Address,
__in SIZE_T  Length 

Checks if an address range lies within a kernel module.

AddressThe beginning of the address range.
LengthThe number of bytes in the address range.

Definition at line 370 of file main.c.

NTSTATUS KpiGetFeatures ( __out PULONG  Features,
__in KPROCESSOR_MODE  AccessMode 

Definition at line 282 of file main.c.

Variable Documentation


Definition at line 25 of file main.c.


Definition at line 26 of file main.c.