Process Hacker
main.c File Reference
#include <kph.h>
#include <dyndata.h>

 __drv_dispatchType (IRP_MJ_CREATE)
VOID DriverUnload (__in PDRIVER_OBJECT DriverObject)
NTSTATUS KphDispatchCreate (__in PDEVICE_OBJECT DeviceObject, __in PIRP Irp)
ULONG KphpReadIntegerParameter (__in_opt HANDLE KeyHandle, __in PUNICODE_STRING ValueName, __in ULONG DefaultValue)
 Reads an integer (REG_DWORD) parameter from the registry.
NTSTATUS KphpReadDriverParameters (__in PUNICODE_STRING RegistryPath)
 Reads the driver parameters.
NTSTATUS KpiGetFeatures (__out PULONG Features, __in KPROCESSOR_MODE AccessMode)
NTSTATUS KphEnumerateSystemModules (__out PRTL_PROCESS_MODULES *Modules)
 Enumerates the modules loaded by the kernel.
NTSTATUS KphValidateAddressForSystemModules (__in PVOID Address, __in SIZE_T Length)
 Checks if an address range lies within a kernel module.



Function Documentation

__drv_dispatchType ( IRP_MJ_CREATE  )

VOID DriverUnload ( __in PDRIVER_OBJECT  DriverObject)

NTSTATUS KphDispatchCreate ( __in PDEVICE_OBJECT  DeviceObject,
__in PIRP  Irp 

NTSTATUS KphEnumerateSystemModules ( __out PRTL_PROCESS_MODULES Modules)

Enumerates the modules loaded by the kernel.

ModulesA variable which receives a pointer to a structure containing information about the kernel modules. The structure must be freed with the tag 'ThpK'.

NTSTATUS KphpReadDriverParameters ( __in PUNICODE_STRING  RegistryPath)

Reads the driver parameters.

RegistryPathThe registry path of the driver.

ULONG KphpReadIntegerParameter ( __in_opt HANDLE  KeyHandle,
__in PUNICODE_STRING  ValueName,
__in ULONG  DefaultValue 

Reads an integer (REG_DWORD) parameter from the registry.

KeyHandleA handle to the Parameters key. If NULL, the function fails immediately and returns DefaultValue.
ValueNameThe name of the parameter.
DefaultValueThe value that is returned if the function fails to retrieve the parameter from the registry.
The parameter value, or DefaultValue if the function failed.

NTSTATUS KphValidateAddressForSystemModules ( __in PVOID  Address,
__in SIZE_T  Length 

Checks if an address range lies within a kernel module.

AddressThe beginning of the address range.
LengthThe number of bytes in the address range.

NTSTATUS KpiGetFeatures ( __out PULONG  Features,
__in KPROCESSOR_MODE  AccessMode 

