20#ifndef __INTERNAL_PSAPI_H_INCLUDED__
21#define __INTERNAL_PSAPI_H_INCLUDED__
32 "movl %%fs:0x18, %0\n"
54 LPSTR RightVolumeName;
60 PVOID DeferredRoutine;
61 PVOID ExclusionRoutine;
62 PVOID DispatchRoutine;
83 IN PSYSTEM_MODULE_INFORMATION_ENTRY CurrentModule,
95#define FAILED_WITH_STATUS DEFINE_DBG_MSG("%s() failed, status 0x%08X")
218PSYSTEM_MODULE_INFORMATION_ENTRY
225PSYSTEM_MODULE_INFORMATION_ENTRY
257#define DEFINE_DBG_MSG(__str__) "PSAPI: " __str__ "\n"
NTSTATUS NTAPI PsaEnumerateThreads(IN PTHREAD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
NTSTATUS NTAPI(* PTHREAD_ENUM_ROUTINE)(IN PSYSTEM_THREADS CurrentThread, IN OUT PVOID CallbackContext)
VOID NTAPI PsaFreeCapture(IN PVOID Capture)
PSYSTEM_THREADS FASTCALL PsaWalkNextThread(IN PSYSTEM_THREADS CurrentThread)
void * PsaiMalloc(SIZE_T size)
NTSTATUS NTAPI PsaEnumerateProcesses(IN PPROC_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
NTSTATUS NTAPI PsaWalkThreads(IN PSYSTEM_PROCESSES ProcessesAndThreads, IN PTHREAD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
NTSTATUS NTAPI(* PPROCMOD_ENUM_ROUTINE)(IN HANDLE ProcessHandle, IN PLDR_DATA_TABLE_ENTRY CurrentModule, IN OUT PVOID CallbackContext)
PSYSTEM_PROCESSES FASTCALL PsaWalkNextProcess(IN PSYSTEM_PROCESSES CurrentProcess)
NTSTATUS NTAPI PsaCaptureProcessesAndThreads(OUT PSYSTEM_PROCESSES *ProcessesAndThreads)
void * PsaiRealloc(void *ptr, SIZE_T size)
NTSTATUS NTAPI PsaWalkSystemModules(IN PSYSTEM_MODULE_INFORMATION SystemModules, IN PSYSMOD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
NTSTATUS NTAPI PsaWalkProcesses(IN PSYSTEM_PROCESSES ProcessesAndThreads, IN PPROC_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
PSYSTEM_THREADS FASTCALL PsaWalkFirstThread(IN PSYSTEM_PROCESSES CurrentProcess)
NTSTATUS NTAPI(* PPROC_ENUM_ROUTINE)(IN PSYSTEM_PROCESSES CurrentProcess, IN OUT PVOID CallbackContext)
NTSTATUS NTAPI PsaEnumerateProcessesAndThreads(IN PPROC_ENUM_ROUTINE ProcessCallback, IN OUT PVOID ProcessCallbackContext, IN PTHREAD_ENUM_ROUTINE ThreadCallback, IN OUT PVOID ThreadCallbackContext)
NTSTATUS NTAPI(* PSYSMOD_ENUM_ROUTINE)(IN PSYSTEM_MODULE_INFORMATION_ENTRY CurrentModule, IN OUT PVOID CallbackContext)
NTSTATUS NTAPI PsaCaptureSystemModules(OUT PSYSTEM_MODULE_INFORMATION *SystemModules)
PSYSTEM_MODULE_INFORMATION_ENTRY FASTCALL PsaWalkFirstSystemModule(IN PSYSTEM_MODULE_INFORMATION SystemModules)
NTSTATUS NTAPI PsaWalkProcessesAndThreads(IN PSYSTEM_PROCESSES ProcessesAndThreads, IN PPROC_ENUM_ROUTINE ProcessCallback, IN OUT PVOID ProcessCallbackContext, IN PTHREAD_ENUM_ROUTINE ThreadCallback, IN OUT PVOID ThreadCallbackContext)
PSYSTEM_MODULE_INFORMATION_ENTRY FASTCALL PsaWalkNextSystemModule(IN PSYSTEM_MODULE_INFORMATION CurrentSystemModule)
NTSTATUS NTAPI PsaEnumerateSystemModules(IN PSYSMOD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
NTSTATUS NTAPI PsaEnumerateProcessModules(IN HANDLE ProcessHandle, IN PPROCMOD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
void * _lfind(const void *match, const void *start, unsigned int *array_size, unsigned int elem_size, int(*cf)(const void *, const void *))
static struct _TEB * NtCurrentTeb(void)
PSYSTEM_PROCESSES FASTCALL PsaWalkFirstProcess(IN PSYSTEM_PROCESSES ProcessesAndThreads)
_In_ HANDLE ProcessHandle
__asm__(".p2align 4, 0x90\n" ".seh_proc __seh2_global_filter_func\n" "__seh2_global_filter_func:\n" "\tsub %rbp, %rax\n" "\tpush %rbp\n" "\t.seh_pushreg %rbp\n" "\tsub $32, %rsp\n" "\t.seh_stackalloc 32\n" "\t.seh_endprologue\n" "\tsub %rax, %rdx\n" "\tmov %rdx, %rbp\n" "\tjmp *%r8\n" "__seh2_global_filter_func_exit:\n" "\t.p2align 4\n" "\tadd $32, %rsp\n" "\tpop %rbp\n" "\tret\n" "\t.seh_endproc")
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG _In_opt_ PEVENT_FILTER_DESCRIPTOR _Inout_opt_ PVOID CallbackContext