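// Marker string compared against debug-print output. Presumably "CE" stands for
// Cheat Engine and the literal is what its DBVM component prints -- confirm
// against the build you want to detect.
#define CE_STR_1 ("dbvm-mode")

/*
 * Debug-print callback that looks for the CE_STR_1 marker in DbgPrint output.
 *
 * Parameters:
 *   Output      - counted string holding the message. Its Buffer is copied by
 *                 Length, so it is not assumed to be NUL-terminated.
 *   ComponentId - DPFLTR_*_ID value of the component that printed the message.
 *   Level       - DPFLTR_*_LEVEL severity of the message.
 *
 * Only messages with ComponentId == DPFLTR_DEFAULT_ID and
 * Level == DPFLTR_INFO_LEVEL are inspected; everything else returns early.
 *
 * NOTE(review): debug-print callbacks may run at elevated IRQL -- confirm that
 * SafeCopyMemory, _strcmp_a and whatever replaces "TODO: report" are safe in
 * that context.
 * NOTE(review): the match is an exact string comparison, so a message carrying
 * a trailing newline or any prefix will not match, and a renamed string evades
 * it entirely. Treat a hit as one signal, not as proof.
 */
__declspec(noinline) void DbgPrintCallback(_In_ PSTRING Output, _In_ ULONG ComponentId, _In_ ULONG Level)
{
    if (!Output)
    {
        return;
    }

    // NOTE(review): Level is compared with DPFLTR_SETUP_ID, which is named like
    // a component id rather than a level -- confirm this is intended.
    if (ComponentId == DPFLTR_MM_ID && Level == DPFLTR_SETUP_ID)
    {
        // TODO: check sth you want
    }

    if (ComponentId != DPFLTR_DEFAULT_ID || Level != DPFLTR_INFO_LEVEL)
    {
        return;
    }

    // Nothing to compare for an empty message, and a missing buffer must not
    // be handed to the copy routine.
    if (!Output->Buffer || Output->Length == 0)
    {
        return;
    }

    // The buffer is one byte larger than the maximum copy length and fully
    // zeroed first, so the copied text is always NUL-terminated.
    char szOutput[MAX_PATH + 1];
    RtlSecureZeroMemory(szOutput, sizeof(szOutput));
    SafeCopyMemory(szOutput, Output->Buffer, min(Output->Length, MAX_PATH));

    if (_strcmp_a(szOutput, CE_STR_1) == 0)
    {
        // TODO: report
        return;
    }
}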
// load: register DbgPrintCallback (second argument TRUE enables the callback).
// NOTE(review): these two calls are usage fragments; they presumably belong in
// the driver's load and unload paths rather than at file scope.
// NOTE(review): the result is ignored here; presumably an NTSTATUS -- check it
// so a failed registration is not mistaken for active monitoring.
DbgSetDebugPrintCallback(DbgPrintCallback, TRUE);
// unload: remove the callback (FALSE disables it). This should run before the
// driver image goes away, so no registered pointer is left referring to
// unloaded code.
DbgSetDebugPrintCallback(DbgPrintCallback, FALSE);