style: run clang-format

even.c

@@ -18,11 +18,15 @@
  *
  */
 
-#include <ddk/ntddk.h>
 #include "even_ioctl.h"
 #include "even_names.h"
+#include <ddk/ntddk.h>
 
-#define uthash_nonfatal_oom(obj) do {return STATUS_INTERNAL_ERROR;} while (0)
+#define uthash_nonfatal_oom(obj)                                                                                       \
+    do                                                                                                                 \
+    {                                                                                                                  \
+        return STATUS_INTERNAL_ERROR;                                                                                  \
+    } while (0)
 
 #include "even_peb.h"
 #include "uthash.h"
@@ -71,36 +75,32 @@ struct even_peb *fake_peb = NULL;
 
 static NTSTATUS __stdcall even_create_peb(HANDLE pid)
 {
-        struct even_peb *s;
+    struct even_peb *s;
 
-        HASH_FIND_INT(fake_peb, &pid, s);
+    HASH_FIND_INT(fake_peb, &pid, s);
-        if (s == NULL) {
+    if (s == NULL)
-            s = ExAllocatePool(PagedPool, sizeof(*s));
+    {
-            s->pid = pid;
+        s = ExAllocatePool(PagedPool, sizeof(*s));
+        s->pid = pid;
 
-            PROCESS_BASIC_INFORMATION ProcessInformation;
+        PROCESS_BASIC_INFORMATION ProcessInformation;
-            NtQueryInformationProcess(
+        NtQueryInformationProcess(pid, ProcessBasicInformation, &ProcessInformation, sizeof(ProcessInformation), NULL);
-                    pid,
-                    ProcessBasicInformation,
-                    &ProcessInformation,
-                    sizeof(ProcessInformation),
-                    NULL
-            );
 
-            RtlCopyMemory(&s->fake_peb, ProcessInformation.PebBaseAddress, sizeof(*ProcessInformation.PebBaseAddress));
+        RtlCopyMemory(&s->fake_peb, ProcessInformation.PebBaseAddress, sizeof(*ProcessInformation.PebBaseAddress));
 
-            HASH_ADD_INT(fake_peb, pid, s);
+        HASH_ADD_INT(fake_peb, pid, s);
-        }
+    }
 
-        s->refcnt += 1;
+    s->refcnt += 1;
 
-        return STATUS_SUCCESS;
+    return STATUS_SUCCESS;
 }
 
-static NTSTATUS __stdcall even_delete_peb(struct even_peb* peb)
+static NTSTATUS __stdcall even_delete_peb(struct even_peb *peb)
 {
     DbgPrint("Even Htsysm7679: PEB Refcnt for PID %d: %d\r\n", peb->pid, peb->refcnt);
-    if (peb->refcnt <= 0) {
+    if (peb->refcnt <= 0)
+    {
         DbgPrint("Even Htsysm7679: PEB Refcnt <= 0, deleting\r\n");
         HASH_DEL(fake_peb, peb);
         return STATUS_SUCCESS;
@@ -132,7 +132,8 @@ static NTSTATUS __stdcall even_open_close(IN PDEVICE_OBJECT DeviceObject, IN PIR
     switch (io_stack->MajorFunction)
     {
     case IRP_MJ_CREATE:
-        if (pid == 0) goto err_out;
+        if (pid == 0)
+            goto err_out;
         DbgPrint("Even Htsysm7679: Handle to symbolink link opened by PID %d\r\n", pid);
 
         Irp->IoStatus.Information = 0;
@@ -141,7 +142,8 @@ static NTSTATUS __stdcall even_open_close(IN PDEVICE_OBJECT DeviceObject, IN PIR
 
         return STATUS_SUCCESS;
     case IRP_MJ_CLOSE:
-        if (pid == 0) goto err_out;
+        if (pid == 0)
+            goto err_out;
         DbgPrint("Even Htsysm7679: Handle to symbolink link closed by PID %d\r\n", pid);
 
         struct even_peb s;
@@ -255,12 +257,13 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
         };
 
         HANDLE pid = PsGetCurrentProcessId();
-        if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
+        if (even_find_peb(pid, &s) != STATUS_SUCCESS)
+        {
             Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
             goto err_out;
         }
 
-        void* fake_peb;
+        void *fake_peb;
         fake_peb = &s.fake_peb;
 
         int value;
@@ -302,12 +305,13 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
         };
 
         HANDLE pid = PsGetCurrentProcessId();
-        if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
+        if (even_find_peb(pid, &s) != STATUS_SUCCESS)
+        {
             Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
             goto err_out;
         }
 
-        void* fake_peb;
+        void *fake_peb;
         fake_peb = &s.fake_peb;
 
         int value;
@@ -348,13 +352,13 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
         };
 
         HANDLE pid = PsGetCurrentProcessId();
-        if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
+        if (even_find_peb(pid, &s) != STATUS_SUCCESS)
+        {
             Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
             goto err_out;
         }
 
-
+        void *fake_peb;
-        void* fake_peb;
         fake_peb = &s.fake_peb;
 
         char value[4];
@@ -388,8 +392,7 @@ err_out:
     return Irp->IoStatus.Status;
 }
 
-NTSTATUS __stdcall
+NTSTATUS __stdcall DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
-DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
 {
     NTSTATUS status;
     /* a particular Device Instance, theoretically one of many,

even_peb.h

@@ -1,29 +1,32 @@
 #ifndef _EVEN_PEB_H_
 #define _EVEN_PEB_H_ 1
 
+#include "uthash.h"
 #include <ddk/ntddk.h>
 #include <minwindef.h>
-#include "uthash.h"
 
-typedef struct _PEB_LDR_DATA {
+typedef struct _PEB_LDR_DATA
+{
     BYTE Reserved1[8];
     PVOID Reserved2[3];
     LIST_ENTRY InMemoryOrderModuleList;
-} PEB_LDR_DATA,*PPEB_LDR_DATA;
+} PEB_LDR_DATA, *PPEB_LDR_DATA;
 
-typedef struct _RTL_USER_PROCESS_PARAMETERS {
+typedef struct _RTL_USER_PROCESS_PARAMETERS
+{
     BYTE Reserved1[16];
     PVOID Reserved2[10];
     UNICODE_STRING ImagePathName;
     UNICODE_STRING CommandLine;
-} RTL_USER_PROCESS_PARAMETERS,*PRTL_USER_PROCESS_PARAMETERS;
+} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
 
 /* This function pointer is undocumented and just valid for windows 2000.
    Therefore I guess.  */
-typedef VOID (NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID); 
+typedef VOID(NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);
 
-typedef struct _PEB {
+typedef struct _PEB
-    BYTE Reserved1[2];   
+{
+    BYTE Reserved1[2];
     BYTE BeingDebugged;
     BYTE Reserved2[1];
     PVOID Reserved3[2];
@@ -42,9 +45,10 @@ typedef struct _PEB {
     BYTE Reserved11[128];
     PVOID Reserved12[1];
     ULONG SessionId;
-} PEB,*PPEB;
+} PEB, *PPEB;
 
-struct even_peb {
+struct even_peb
+{
     HANDLE pid;
     int refcnt;
     PEB fake_peb;