JKornev / hidden

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.

Parent process bypassing #2

Closed JKornev closed 7 years ago

JKornev commented 7 years ago

Using PS_CREATE_NOTIFY_INFO.ParentProcessId in the CreateProcessNotifyCallback looks like a bad approach. It should be replaced with PsGetCurrentProcessId().

JKornev commented 7 years ago

Solved in the following commit: 146af98691cc99326761cc330dffec281e504237