public IntPtr SsAddThreadIdRule(
KphSsRuleSetEntryHandle ruleSetEntryHandle,
KphSsFilterType filterType,
IntPtr threadId
)
{
byte* inData = stackalloc byte[0xc];
byte* outData = stackalloc byte[4];
*(int*)inData = ruleSetEntryHandle.Handle.ToInt32();
*(int*)(inData + 0x4) = (int)filterType;
*(int*)(inData + 0x8) = threadId.ToInt32();
_fileHandle.IoControl(CtlCode(Control.SsAddThreadIdRule), inData, 0xc, outData, 4);
return (*(int*)outData).ToIntPtr();
}
public void SsRemoveRule(
KphSsRuleSetEntryHandle ruleSetEntryHandle,
IntPtr ruleEntryHandle
)
{
byte* inData = stackalloc byte[8];
*(int*)inData = ruleSetEntryHandle.Handle.ToInt32();
*(int*)(inData + 4) = ruleEntryHandle.ToInt32();
_fileHandle.IoControl(CtlCode(Control.SsRemoveRule), inData, 8, null, 0);
}
public IntPtr SsAddPreviousModeRule(
KphSsRuleSetEntryHandle ruleSetEntryHandle,
KphSsFilterType filterType,
KProcessorMode previousMode
)
{
byte* inData = stackalloc byte[0x9];
byte* outData = stackalloc byte[4];
*(int*)inData = ruleSetEntryHandle.Handle.ToInt32();
*(int*)(inData + 0x4) = (int)filterType;
*(byte*)(inData + 0x8) = (byte)previousMode;
_fileHandle.IoControl(CtlCode(Control.SsAddPreviousModeRule), inData, 0x9, outData, 4);
return (*(int*)outData).ToIntPtr();
}
