disable_instrumentation_callback.c
#include <stdio.h>
#include <windows.h>
/* Process information class value handed to NtSetInformationProcess in main(). */
#define ProcessInstrumentationCallback 40

/*
 * Function-pointer type used to call ntdll's NtSetInformationProcess after it
 * has been resolved at run time with GetProcAddress.
 *
 * The LONG return value carries the status code of the call.
 *
 * NOTE(review): the native prototype is normally written with PROCESSINFOCLASS
 * rather than the Win32 PROCESS_INFORMATION_CLASS enum; confirm that the SDK in
 * use declares the type named here.
 */
typedef LONG(WINAPI* NT_SET_INFORMATION_PROCESS)(
    _In_ HANDLE hProcess,
    _In_ PROCESS_INFORMATION_CLASS ProcessInformationClass,
    _In_reads_bytes_(ProcessInformationSize) LPVOID ProcessInformation,
    _In_ DWORD ProcessInformationSize
);

/*
 * Buffer passed with ProcessInstrumentationCallback. main() fills Version and
 * Reserved with zero and Callback with NULL.
 */
typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION
{
    ULONG Version;   /* set to 0x0 by main() */
    ULONG Reserved;  /* set to 0x0 by main() */
    PVOID Callback;  /* callback address; NULL in this file */
} PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, *PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
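/*
 * Calls NtSetInformationProcess with ProcessInstrumentationCallback and a NULL
 * Callback pointer for the current process.
 *
 * Returns 0 when the call reports success, 1 when ntdll or the export cannot
 * be resolved or when the call returns a failure status.
 *
 * NOTE(review): the original listing passed an identifier `hProcess` that was
 * never declared, so it did not compile. It is declared here as the current
 * process pseudo-handle; confirm that this matches the author's intent.
 *
 * Because the Callback field is NULL, the call clears whatever callback was
 * registered for the process. Monitoring that depends on an instrumentation
 * callback should therefore not assume the callback stays installed.
 */
int main()
{
    /* ANSI variant: the module name is a narrow literal, so this also builds with UNICODE defined. */
    HMODULE hNtdll = GetModuleHandleA( "ntdll.dll" );
    if ( hNtdll == NULL )
    {
        fprintf( stderr, "GetModuleHandleA failed: %lu\n", ( unsigned long )GetLastError() );
        return 1;
    }

    /* Resolve the export at run time and refuse to call through a NULL pointer. */
    NT_SET_INFORMATION_PROCESS NtSetInformationProcess = ( NT_SET_INFORMATION_PROCESS )GetProcAddress( hNtdll, "NtSetInformationProcess" );
    if ( NtSetInformationProcess == NULL )
    {
        fprintf( stderr, "GetProcAddress failed: %lu\n", ( unsigned long )GetLastError() );
        return 1;
    }

    /* Pseudo-handle for the calling process; it does not need to be closed. */
    HANDLE hProcess = GetCurrentProcess();

    /* Zero the whole structure first so no field or padding is left uninitialised. */
    PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION InstrumentationCallbackInfo = { 0 };
    InstrumentationCallbackInfo.Version = 0x0;
    InstrumentationCallbackInfo.Reserved = 0x0;
    InstrumentationCallbackInfo.Callback = NULL;

    /* Negative status values indicate failure; report them instead of silently returning 0. */
    LONG status = NtSetInformationProcess( hProcess, ProcessInstrumentationCallback, &InstrumentationCallbackInfo, sizeof( InstrumentationCallbackInfo ) );
    if ( status < 0 )
    {
        fprintf( stderr, "NtSetInformationProcess failed: 0x%08lX\n", ( unsigned long )status );
        return 1;
    }

    return 0;
}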