And trust the Russian hackers to exploit that.
#include <lock.h>
#include <interface.h>
#include <chew/chew.h>
#include <lock.h>
#include <interface.h>
#include <chew/chew.h>
PVOID Options)
{
PADDRESS_FILE AddrFile;
PVOID Options)
{
PADDRESS_FILE AddrFile;
TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
AddrFile->HeaderIncl = 1;
AddrFile->ProcessId = PsGetCurrentProcessId();
AddrFile->HeaderIncl = 1;
AddrFile->ProcessId = PsGetCurrentProcessId();
- Teb = PsGetCurrentThreadTeb();
- if (Teb != NULL) {
- AddrFile->SubProcessTag = Teb->SubProcessTag;
- }
+ _SEH2_TRY {
+ PTEB Teb;
+
+ Teb = PsGetCurrentThreadTeb();
+ if (Teb != NULL)
+ AddrFile->SubProcessTag = Teb->SubProcessTag;
+ } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+ AddrFile->SubProcessTag = 0;
+ } _SEH2_END;
KeQuerySystemTime(&AddrFile->CreationTime);
KeQuerySystemTime(&AddrFile->CreationTime);