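extern "C" {
#include "hooked_proc.h"
#include "debug.h"
#include "func.h"

NTSTATUS NewZwOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess,
                          POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId);
} // extern "C"

/* pointers to original functions */
ZW_OPEN_PROCESS OldZwOpenProcess = NULL;

/*
 * Our implementation of ZwOpenProcess: log the call, forward it to the original
 * routine and log the status it returned (run taskman after the hook is installed
 * and watch DebugView).
 *
 * ClientId is supplied by the caller of the system service, which is normally user
 * mode, so it is untrusted. func_is_good_read_ptr() only says the pointer looked
 * readable at the moment of the check; the caller can unmap or change the page
 * before we dereference it (time-of-check / time-of-use). The structure is therefore
 * copied once inside __try/__except, and the log lines are printed from that local
 * snapshot, so an invalid user address costs us a skipped log line rather than a
 * bug check, and the values printed are the ones actually read.
 * NOTE(review): SEH is expected to cover faults on user-range addresses only, so the
 * explicit readability check is kept as the first line of defence against
 * kernel-range garbage.
 *
 * NOTE(review): the "0x%.8X" specifiers push pointer-sized arguments through an
 * int-sized conversion, which is only lossless on a 32-bit build. For an x64 build
 * these should become "%p" (DbgMsg's format handling is not visible in this file).
 *
 * Returns: whatever the original ZwOpenProcess returns; the hook never fails on
 * its own and never alters the arguments it forwards.
 */
NTSTATUS NewZwOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess,
                          POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId)
{
    DbgMsg("hooked_proc.cpp: NewZwOpenProcess(ProcessHandle:0x%.8X,DesiredAccess:0x%.8X,ObjectAttributes:0x%.8X,ClientId:0x%.8X)",
           ProcessHandle, DesiredAccess, ObjectAttributes, ClientId);

    if (func_is_good_read_ptr(ClientId, sizeof(CLIENT_ID))) {
        CLIENT_ID cid;
        int cid_copied = 0;

        __try {
            /* single read of the untrusted structure; everything below uses the copy */
            cid = *ClientId;
            cid_copied = 1;
        } __except (EXCEPTION_EXECUTE_HANDLER) {
            /* page went away between the check and the read: skip the field log lines */
            cid_copied = 0;
        }

        if (cid_copied) {
            DbgMsg("hooked_proc.cpp: NewZwOpenProcess: ClientId->UniqueProcess=0x%.8X", cid.UniqueProcess);
            DbgMsg("hooked_proc.cpp: NewZwOpenProcess: ClientId->UniqueThread=0x%.8X", cid.UniqueThread);
        }
    }

    /* forward the original arguments untouched; validating them is the real service's job */
    NTSTATUS status = OldZwOpenProcess(ProcessHandle, DesiredAccess, ObjectAttributes, ClientId);
    DbgMsg("hooked_proc.cpp: NewZwOpenProcess(-):0x%.8X", status);
    return status;
}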