search

mrexodia / TitanHide

Hiding kernel-driver for x86/x64.
MIT License
2.12k stars 421 forks source link

NtTerminateProcess hook failed SYSTEM_SERVICE_EXCEPTION #43

Closed ironxu closed 4 years ago

ironxu commented 4 years ago 
hNtTerminateProcess = SSDT::Hook("NtTerminateProcess", (void*)HookNtTerminateProcess);
if (hNtTerminateProcess)
    hook_count++;

NTSTATUS HookNtTerminateProcess( __in_opt HANDLE ProcessHandle, __in NTSTATUS ExitStatus ) { ULONG uPID; NTSTATUS rtStatus; rtStatus = Undocumented::NtTerminateProcess(ProcessHandle, ExitStatus); return rtStatus; }

typedef NTSTATUS(*NTTERMINATEPROCESS)( in_opt HANDLE ProcessHandle, in NTSTATUS ExitStatus ); static NTTERMINATEPROCESS NtTP = 0; NTSTATUS NTAPI Undocumented::NtTerminateProcess( in_opt HANDLE ProcessHandle, in NTSTATUS ExitStatus) { return NtTP(ProcessHandle, ExitStatus); }

Mattiwatti commented 4 years ago

This is a basic C bug caused by not initializing NtTP (other than the initial = 0 assignment). Add to UndocumentedInit():

if(!NtTP)
{
    NtTP = (NTTERMINATEPROCESS)SSDT::GetFunctionAddress("NtTerminateProcess");
    if(!NtTP)
        return false;
}