Implement ZwSetInformationThread ThreadHideFromDebugger

Author: mrexodia

src/dumpulator/dumpulator.py

@@ -831,6 +831,11 @@ def syscall_arg(index):
                 argvalue = syscall_arg(i)
                 if issubclass(argtype, PVOID):
                     argvalue = argtype(argvalue, dp)
+                elif issubclass(argtype, Enum):
+                    try:
+                        argvalue = argtype(dp.args[i])
+                    except KeyError as x:
+                        raise Exception(f"Unknown enum value {dp.args[i]} for {type(argtype)}")
                 else:
                     argvalue = argtype(argvalue)
                 args.append(argvalue)

src/dumpulator/ntsyscalls.py

@@ -3561,6 +3561,11 @@ def ZwSetInformationThread(dp: Dumpulator,
                            ThreadInformation: PVOID,
                            ThreadInformationLength: ULONG
                            ):
+    if ThreadInformationClass == THREADINFOCLASS.ThreadHideFromDebugger:
+        assert ThreadInformation == 0
+        assert ThreadInformationLength == 0
+        assert ThreadHandle == dp.NtCurrentThread()
+        return STATUS_SUCCESS
     raise NotImplementedError()
 
 @syscall