_declspec (naked )
void fake_my_native_api(PKAPC Apc, PVOID SystemArgument1, PVOID SystemArgument2, KPRIORITY Increment )
{
/* ULONG ptarget_thread;
ULONG ptarget_process;
ULONG pcurrent_process;
PUCHAR ptarget_process_name;
PUCHAR pcurrent_process_name;
__asm
{
push ebp;
mov ebp, esp;
pushad;
}
ptarget_thread = (ULONG)(Apc->Thread);
ptarget_process = *(PULONG)(ptarget_thread + 0x220);
ptarget_process_name = (PUCHAR)(ptarget_process + 0x174);
pcurrent_process = *(PULONG)PsGetCurrentProcess();
pcurrent_process_name = (PUCHAR)(pcurrent_process + 0x174);
if( _stricmp( ptarget_process_name, "notepad.exe") == 0 )
{
if( _stricmp(pcurrent_process_name, "notepad.exe") != 0 )
{
__asm
{
mov eax, 0x0;
popad;
pop ebp;
ret;
}
}
}
else
{
__asm
{
popad;
pop ebp;
jmp fake_proxy_my_native_api;
}
}
*/
__asm
{
jmp fake_proxy_my_native_api;
}
}