Added K32EnnumProcesses hook
RazviOverflow committed Apr 29, 2024
1 parent 257d91d commit 23b59a6
Showing 3 changed files with 18 additions and 0 deletions.
11 changes: 11 additions & 0 deletions hook_process.c
@@ -1485,4 +1485,15 @@ HOOKDEF(BOOL, WINAPI, EnumProcesses,
BOOL ret = Old_EnumProcesses(pProcessIds, cb, pBytesReturned);
LOQ_bool("process", "pip", "Proccess IDs", pProcessIds, "cb", cb, "Bytes Returned", pBytesReturned); // Modify category, LOQ_ function and log message according to your needs
return ret;
}

HOOKDEF(BOOL, WINAPI, K32EnumProcesses,
_Out_ DWORD* pProcessIds,
_In_ DWORD cb,
_Out_ DWORD* pBytesReturned
) {
DebuggerOutput("[***** DEBUG MESSAGE - EXTENDED HOOKS *****] Hooked K32EnumProcesses\n");
BOOL ret = Old_K32EnumProcesses(pProcessIds, cb, pBytesReturned);
LOQ_bool("process", "pip", "Proccess IDs", pProcessIds, "cb", cb, "Bytes Returned", pBytesReturned); // Modify category, LOQ_ function and log message according to your needs
return ret;
}
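Review bot: The `LOQ_bool` call in the new K32EnumProcesses hook logs `pProcessIds` and `pBytesReturned` with the `p` specifier, which (assuming `p` formats a raw pointer, as in cuckoomon-derived monitors) records the addresses of the output buffers rather than the number of bytes of process IDs the call returned, so the behavioural log cannot show how much of the process list the sample obtained. If the logger offers a dereferencing integer specifier (`I` in that family, to be confirmed against this tree), the line could read `LOQ_bool("process", "piI", "ProcessIds", pProcessIds, "cb", cb, "BytesReturned", pBytesReturned);`. The trailing template comment `// Modify category, LOQ_ function and log message according to your needs` and the unconditional `DebuggerOutput` banner look like scaffolding and could be dropped or put behind a debug switch. The key `"Proccess IDs"` is also misspelled, here and in the EnumProcesses hook shown as context; fix both together so that report consumers see one key.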
1 change: 1 addition & 0 deletions hooks.c
@@ -671,6 +671,7 @@ hook_t full_hooks[] = {
HOOK(kernel32, ExpandEnvironmentStringsA),
HOOK(kernel32, ExpandEnvironmentStringsW),
HOOK(kernel32, EnumProcesses),
HOOK(kernel32, K32EnumProcesses),
};

// This hook set is intended to include only hooks which are necessary
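Review bot: The new `HOOK(kernel32, K32EnumProcesses)` entry is registered only in `full_hooks[]`, and the comment after the array introduces a further, reduced hook set whose contents lie outside this hunk. It is worth confirming whether process enumeration should be logged under that configuration as well, since listing running processes is a common way for samples to look for analysis tooling. A one-line comment above the pair would also explain why both names are hooked, for example `// PSAPI_VERSION 2 binaries import K32EnumProcesses from kernel32; psapi!EnumProcesses is a wrapper around it`.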
6 changes: 6 additions & 0 deletions hooks.h
@@ -3762,4 +3762,10 @@ HOOKDEF(BOOL, WINAPI, EnumProcesses,
_Out_ DWORD* pProcessIds,
_In_ DWORD cb,
_Out_ DWORD* pBytesReturned
);

HOOKDEF(BOOL, WINAPI, K32EnumProcesses,
_Out_ DWORD* pProcessIds,
_In_ DWORD cb,
_Out_ DWORD* pBytesReturned
);
