Hello All, I would like know who could to help me, please.
I'm trying to hide a process via pspCidtable for my learning, but I cannot do it
I have understood that the comparation must be so:
void HideObject(PHANDLE_TABLE_ENTRY Entry)
{
PVOID obj = (PVOID)((ULONG)Entry->Object & 0xfffffff8);
if (obj == (long)MyEPROCESS) // MyEPROCESS = address to EPROCESS to hide
{
Entry->Object = 0;
}
}
but the object is never equal to EPROCESS
could anyone help me?
I'm trying to hide a process via pspCidtable for my learning, but I cannot do it
I have understood that the comparation must be so:
void HideObject(PHANDLE_TABLE_ENTRY Entry)
{
PVOID obj = (PVOID)((ULONG)Entry->Object & 0xfffffff8);
if (obj == (long)MyEPROCESS) // MyEPROCESS = address to EPROCESS to hide
{
Entry->Object = 0;
}
}
but the object is never equal to EPROCESS
could anyone help me?
