2002-06-18 22:16:53 +00:00
|
|
|
/*
|
|
|
|
* COPYRIGHT: See COPYING in the top level directory
|
2002-08-31 17:11:24 +00:00
|
|
|
* LICENSE: See LGPL.txt in the top level directory
|
2002-06-18 22:16:53 +00:00
|
|
|
* PROJECT: ReactOS system libraries
|
|
|
|
* FILE: reactos/lib/psapi/misc/win32.c
|
2002-08-29 23:57:54 +00:00
|
|
|
* PURPOSE: Win32 interfaces for PSAPI
|
2002-06-18 22:16:53 +00:00
|
|
|
* PROGRAMMER: KJK::Hyperion <noog@libero.it>
|
2004-11-06 11:45:47 +00:00
|
|
|
* Thomas Weidenmueller <w3seek@reactos.com>
|
2013-10-30 10:56:02 +00:00
|
|
|
* Pierre Schweitzer <pierre@reactos.org>
|
2002-06-18 22:16:53 +00:00
|
|
|
* UPDATE HISTORY:
|
|
|
|
* 10/06/2002: Created
|
|
|
|
*/
|
|
|
|
|
2013-12-22 19:06:31 +00:00
|
|
|
#include <stdarg.h>
|
|
|
|
|
|
|
|
#define WIN32_NO_STATUS
|
|
|
|
#include <windef.h>
|
|
|
|
#include <winbase.h>
|
|
|
|
#include <winnls.h>
|
|
|
|
#define NTOS_MODE_USER
|
|
|
|
#include <ndk/exfuncs.h>
|
|
|
|
#include <ndk/mmfuncs.h>
|
|
|
|
#include <ndk/psfuncs.h>
|
|
|
|
#include <ndk/rtlfuncs.h>
|
|
|
|
|
|
|
|
#include <psapi.h>
|
|
|
|
|
|
|
|
#include <pseh/pseh2.h>
|
2002-08-29 23:57:54 +00:00
|
|
|
|
2004-11-03 22:43:00 +00:00
|
|
|
#define NDEBUG
|
|
|
|
#include <debug.h>
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
#define MAX_MODULES 0x2710 // Matches 10.000 modules
|
|
|
|
#define INIT_MEMORY_SIZE 0x1000 // Matches 4kB
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
/* INTERNAL *******************************************************************/
|
2002-06-18 22:16:53 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
static BOOL NTAPI
|
|
|
|
FindDeviceDriver(IN PVOID ImageBase,
|
|
|
|
OUT PRTL_PROCESS_MODULE_INFORMATION MatchingModule)
|
2002-08-29 23:57:54 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
2020-01-03 20:43:44 +00:00
|
|
|
DWORD i, RequiredSize;
|
2013-10-30 10:56:02 +00:00
|
|
|
PRTL_PROCESS_MODULES Information;
|
|
|
|
RTL_PROCESS_MODULE_INFORMATION Module;
|
|
|
|
/* By default, to prevent too many reallocations, we already make room for 4 modules */
|
|
|
|
DWORD Size = sizeof(RTL_PROCESS_MODULES) + 3 * sizeof(RTL_PROCESS_MODULE_INFORMATION);
|
2002-08-29 23:57:54 +00:00
|
|
|
|
2020-01-03 20:43:44 +00:00
|
|
|
while (TRUE)
|
2013-10-30 10:56:02 +00:00
|
|
|
{
|
|
|
|
/* Allocate a buffer to hold modules information */
|
|
|
|
Information = LocalAlloc(LMEM_FIXED, Size);
|
|
|
|
if (!Information)
|
|
|
|
{
|
|
|
|
SetLastError(ERROR_NO_SYSTEM_RESOURCES);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2002-08-31 15:36:56 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Query information */
|
2020-01-03 20:43:44 +00:00
|
|
|
Status = NtQuerySystemInformation(SystemModuleInformation, Information, Size, &RequiredSize);
|
2013-10-30 10:56:02 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
2020-01-03 20:43:44 +00:00
|
|
|
/* Free the current buffer */
|
2013-10-30 10:56:02 +00:00
|
|
|
LocalFree(Information);
|
|
|
|
|
|
|
|
/* If it was not a length mismatch (ie, buffer too small), just leave */
|
|
|
|
if (Status != STATUS_INFO_LENGTH_MISMATCH)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2020-01-03 20:43:44 +00:00
|
|
|
/* Try again with the required size */
|
|
|
|
Size = RequiredSize;
|
2013-10-30 10:56:02 +00:00
|
|
|
continue;
|
|
|
|
}
|
2002-08-29 23:57:54 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* No modules returned? Leave */
|
|
|
|
if (Information->NumberOfModules == 0)
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
2003-02-02 19:27:17 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Try to find which module matches the base address given */
|
2020-01-03 20:43:44 +00:00
|
|
|
for (i = 0; i < Information->NumberOfModules; ++i)
|
2013-10-30 10:56:02 +00:00
|
|
|
{
|
2020-01-03 20:43:44 +00:00
|
|
|
Module = Information->Modules[i];
|
2013-10-30 10:56:02 +00:00
|
|
|
if (Module.ImageBase == ImageBase)
|
|
|
|
{
|
|
|
|
/* Copy the matching module and leave */
|
|
|
|
memcpy(MatchingModule, &Module, sizeof(Module));
|
|
|
|
LocalFree(Information);
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
}
|
2002-08-29 23:57:54 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* If we arrive here, it means we were not able to find matching base address */
|
|
|
|
break;
|
2020-01-03 20:43:44 +00:00
|
|
|
}
|
2002-08-29 23:57:54 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Release and leave */
|
|
|
|
LocalFree(Information);
|
|
|
|
SetLastError(ERROR_INVALID_HANDLE);
|
2002-08-31 15:36:56 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
return FALSE;
|
2002-08-29 23:57:54 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
static BOOL NTAPI
|
|
|
|
FindModule(IN HANDLE hProcess,
|
|
|
|
IN HMODULE hModule OPTIONAL,
|
|
|
|
OUT PLDR_DATA_TABLE_ENTRY Module)
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Count;
|
|
|
|
NTSTATUS Status;
|
|
|
|
PPEB_LDR_DATA LoaderData;
|
|
|
|
PLIST_ENTRY ListHead, ListEntry;
|
|
|
|
PROCESS_BASIC_INFORMATION ProcInfo;
|
|
|
|
|
|
|
|
/* Query the process information to get its PEB address */
|
|
|
|
Status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &ProcInfo, sizeof(ProcInfo), NULL);
|
|
|
|
if (!NT_SUCCESS(Status))
|
2004-11-02 23:42:49 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
2013-10-30 10:56:02 +00:00
|
|
|
|
|
|
|
/* If no module was provided, get base as module */
|
|
|
|
if (hModule == NULL)
|
2004-11-02 23:42:49 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
if (!ReadProcessMemory(hProcess, &ProcInfo.PebBaseAddress->ImageBaseAddress, &hModule, sizeof(hModule), NULL))
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
2002-08-31 15:36:56 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Read loader data address from PEB */
|
|
|
|
if (!ReadProcessMemory(hProcess, &ProcInfo.PebBaseAddress->Ldr, &LoaderData, sizeof(LoaderData), NULL))
|
2004-11-02 23:42:49 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
return FALSE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
2013-10-30 10:56:02 +00:00
|
|
|
|
|
|
|
if (LoaderData == NULL)
|
2004-11-02 23:42:49 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(ERROR_INVALID_HANDLE);
|
|
|
|
return FALSE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
2002-08-31 15:36:56 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Store list head address */
|
|
|
|
ListHead = &(LoaderData->InMemoryOrderModuleList);
|
2002-08-31 15:36:56 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Read first element in the modules list */
|
|
|
|
if (!ReadProcessMemory(hProcess,
|
|
|
|
&(LoaderData->InMemoryOrderModuleList.Flink),
|
|
|
|
&ListEntry,
|
|
|
|
sizeof(ListEntry),
|
|
|
|
NULL))
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
Count = 0;
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Loop on the modules */
|
|
|
|
while (ListEntry != ListHead)
|
|
|
|
{
|
|
|
|
/* Load module data */
|
|
|
|
if (!ReadProcessMemory(hProcess,
|
2015-06-15 18:38:57 +00:00
|
|
|
CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks),
|
2013-10-30 10:56:02 +00:00
|
|
|
Module,
|
|
|
|
sizeof(*Module),
|
|
|
|
NULL))
|
2004-11-02 23:42:49 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
return FALSE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Does that match the module we're looking for? */
|
|
|
|
if (Module->DllBase == hModule)
|
2004-11-02 23:42:49 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
return TRUE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
++Count;
|
|
|
|
if (Count > MAX_MODULES)
|
2004-11-02 23:42:49 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
break;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Get to next listed module */
|
2015-06-15 18:38:57 +00:00
|
|
|
ListEntry = Module->InMemoryOrderLinks.Flink;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
SetLastError(ERROR_INVALID_HANDLE);
|
2013-10-30 10:56:02 +00:00
|
|
|
return FALSE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
2004-11-06 11:45:47 +00:00
|
|
|
typedef struct _INTERNAL_ENUM_PAGE_FILES_CONTEXT
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
LPVOID lpContext;
|
|
|
|
PENUM_PAGE_FILE_CALLBACKA pCallbackRoutine;
|
|
|
|
DWORD dwErrCode;
|
2004-11-06 11:45:47 +00:00
|
|
|
} INTERNAL_ENUM_PAGE_FILES_CONTEXT, *PINTERNAL_ENUM_PAGE_FILES_CONTEXT;
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
2009-08-20 12:09:16 +00:00
|
|
|
static BOOL CALLBACK
|
2013-10-30 10:56:02 +00:00
|
|
|
CallBackConvertToAscii(LPVOID pContext,
|
|
|
|
PENUM_PAGE_FILE_INFORMATION pPageFileInfo,
|
|
|
|
LPCWSTR lpFilename)
|
2004-11-06 11:45:47 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
BOOL Ret;
|
2020-01-03 20:43:44 +00:00
|
|
|
SIZE_T Len;
|
2013-10-30 10:56:02 +00:00
|
|
|
LPSTR AnsiFileName;
|
|
|
|
PINTERNAL_ENUM_PAGE_FILES_CONTEXT Context = (PINTERNAL_ENUM_PAGE_FILES_CONTEXT)pContext;
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
Len = wcslen(lpFilename);
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Alloc space for the ANSI string */
|
|
|
|
AnsiFileName = LocalAlloc(LMEM_FIXED, (Len * sizeof(CHAR)) + sizeof(ANSI_NULL));
|
|
|
|
if (AnsiFileName == NULL)
|
|
|
|
{
|
|
|
|
Context->dwErrCode = RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Convert string to ANSI */
|
|
|
|
if (WideCharToMultiByte(CP_ACP, 0, lpFilename, -1, AnsiFileName, (Len * sizeof(CHAR)) + sizeof(ANSI_NULL), NULL, NULL) == 0)
|
|
|
|
{
|
|
|
|
Context->dwErrCode = GetLastError();
|
|
|
|
LocalFree(AnsiFileName);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* And finally call "real" callback */
|
2004-11-06 11:45:47 +00:00
|
|
|
Ret = Context->pCallbackRoutine(Context->lpContext, pPageFileInfo, AnsiFileName);
|
2013-10-30 10:56:02 +00:00
|
|
|
LocalFree(AnsiFileName);
|
2004-11-06 11:45:47 +00:00
|
|
|
|
|
|
|
return Ret;
|
|
|
|
}
|
|
|
|
|
2013-10-30 15:19:35 +00:00
|
|
|
/*
|
|
|
|
* @unimplemented
|
|
|
|
*/
|
2013-10-30 17:59:20 +00:00
|
|
|
static VOID NTAPI
|
|
|
|
PsParseCommandLine(VOID)
|
2013-10-30 15:19:35 +00:00
|
|
|
{
|
|
|
|
UNIMPLEMENTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @unimplemented
|
|
|
|
*/
|
2013-10-30 17:59:20 +00:00
|
|
|
static VOID NTAPI
|
|
|
|
PsInitializeAndStartProfile(VOID)
|
2013-10-30 15:19:35 +00:00
|
|
|
{
|
|
|
|
UNIMPLEMENTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @unimplemented
|
|
|
|
*/
|
2013-10-30 17:59:20 +00:00
|
|
|
static VOID NTAPI
|
|
|
|
PsStopAndAnalyzeProfile(VOID)
|
2013-10-30 15:19:35 +00:00
|
|
|
{
|
|
|
|
UNIMPLEMENTED;
|
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
/* PUBLIC *********************************************************************/
|
|
|
|
|
2013-10-30 15:19:35 +00:00
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOLEAN
|
|
|
|
WINAPI
|
|
|
|
DllMain(HINSTANCE hDllHandle,
|
|
|
|
DWORD nReason,
|
|
|
|
LPVOID Reserved)
|
|
|
|
{
|
|
|
|
switch(nReason)
|
|
|
|
{
|
|
|
|
case DLL_PROCESS_ATTACH:
|
|
|
|
DisableThreadLibraryCalls(hDllHandle);
|
|
|
|
if (NtCurrentPeb()->ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_PROFILE_USER)
|
|
|
|
{
|
|
|
|
PsParseCommandLine();
|
|
|
|
PsInitializeAndStartProfile();
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DLL_PROCESS_DETACH:
|
|
|
|
if (NtCurrentPeb()->ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_PROFILE_USER)
|
|
|
|
{
|
|
|
|
PsStopAndAnalyzeProfile();
|
|
|
|
}
|
2021-09-13 01:33:14 +00:00
|
|
|
break;
|
2013-10-30 15:19:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
EmptyWorkingSet(HANDLE hProcess)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SYSTEM_INFO SystemInfo;
|
|
|
|
QUOTA_LIMITS QuotaLimits;
|
|
|
|
NTSTATUS Status;
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
GetSystemInfo(&SystemInfo);
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Query the working set */
|
|
|
|
Status = NtQueryInformationProcess(hProcess,
|
|
|
|
ProcessQuotaLimits,
|
|
|
|
&QuotaLimits,
|
|
|
|
sizeof(QuotaLimits),
|
|
|
|
NULL);
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Empty the working set */
|
|
|
|
QuotaLimits.MinimumWorkingSetSize = -1;
|
|
|
|
QuotaLimits.MaximumWorkingSetSize = -1;
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Set the working set */
|
|
|
|
Status = NtSetInformationProcess(hProcess,
|
|
|
|
ProcessQuotaLimits,
|
|
|
|
&QuotaLimits,
|
|
|
|
sizeof(QuotaLimits));
|
|
|
|
if (!NT_SUCCESS(Status) && Status != STATUS_PRIVILEGE_NOT_HELD)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
2002-08-31 15:36:56 +00:00
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
EnumDeviceDrivers(LPVOID *lpImageBase,
|
|
|
|
DWORD cb,
|
|
|
|
LPDWORD lpcbNeeded)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
DWORD NewSize, Count;
|
|
|
|
PRTL_PROCESS_MODULES Information;
|
|
|
|
/* By default, to prevent too many reallocations, we already make room for 4 modules */
|
|
|
|
DWORD Size = sizeof(RTL_PROCESS_MODULES) + 3 * sizeof(RTL_PROCESS_MODULE_INFORMATION);
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
do
|
|
|
|
{
|
|
|
|
/* Allocate a buffer to hold modules information */
|
|
|
|
Information = LocalAlloc(LMEM_FIXED, Size);
|
|
|
|
if (!Information)
|
|
|
|
{
|
|
|
|
SetLastError(ERROR_NO_SYSTEM_RESOURCES);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Query information */
|
|
|
|
Status = NtQuerySystemInformation(SystemModuleInformation, Information, Size, &Count);
|
|
|
|
/* In case of an error */
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
/* Save the amount of output modules */
|
|
|
|
NewSize = Information->NumberOfModules;
|
|
|
|
/* And free buffer */
|
|
|
|
LocalFree(Information);
|
|
|
|
|
|
|
|
/* If it was not a length mismatch (ie, buffer too small), just leave */
|
|
|
|
if (Status != STATUS_INFO_LENGTH_MISMATCH)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Compute new size length */
|
|
|
|
ASSERT(Size >= sizeof(RTL_PROCESS_MODULES));
|
|
|
|
NewSize *= sizeof(RTL_PROCESS_MODULE_INFORMATION);
|
|
|
|
NewSize += sizeof(ULONG);
|
|
|
|
ASSERT(NewSize >= sizeof(RTL_PROCESS_MODULES));
|
|
|
|
/* Check whether it is really bigger - otherwise, leave */
|
|
|
|
if (NewSize < Size)
|
|
|
|
{
|
|
|
|
ASSERT(NewSize > Size);
|
|
|
|
SetLastError(RtlNtStatusToDosError(STATUS_INFO_LENGTH_MISMATCH));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Loop again with that new buffer */
|
|
|
|
Size = NewSize;
|
|
|
|
continue;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* End of allocation loop */
|
|
|
|
break;
|
|
|
|
} while (TRUE);
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
{
|
|
|
|
for (Count = 0; Count < Information->NumberOfModules && Count < cb / sizeof(LPVOID); ++Count)
|
|
|
|
{
|
|
|
|
lpImageBase[Count] = Information->Modules[Count].ImageBase;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
*lpcbNeeded = Information->NumberOfModules * sizeof(LPVOID);
|
|
|
|
}
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(_SEH2_GetExceptionCode()));
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
}
|
|
|
|
_SEH2_END;
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
return TRUE;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
EnumProcesses(DWORD *lpidProcess,
|
|
|
|
DWORD cb,
|
|
|
|
LPDWORD lpcbNeeded)
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
DWORD Size = MAXSHORT, Count;
|
|
|
|
PSYSTEM_PROCESS_INFORMATION ProcInfo;
|
|
|
|
PSYSTEM_PROCESS_INFORMATION ProcInfoArray;
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* First of all, query all the processes */
|
|
|
|
do
|
|
|
|
{
|
|
|
|
ProcInfoArray = LocalAlloc(LMEM_FIXED, Size);
|
|
|
|
if (ProcInfoArray == NULL)
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
Status = NtQuerySystemInformation(SystemProcessInformation, ProcInfoArray, Size, NULL);
|
|
|
|
if (Status == STATUS_INFO_LENGTH_MISMATCH)
|
|
|
|
{
|
|
|
|
LocalFree(ProcInfoArray);
|
|
|
|
Size += MAXSHORT;
|
|
|
|
continue;
|
|
|
|
}
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
while (TRUE);
|
2002-08-31 15:36:56 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
LocalFree(ProcInfoArray);
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Then, loop to output data */
|
|
|
|
Count = 0;
|
|
|
|
ProcInfo = ProcInfoArray;
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
{
|
|
|
|
do
|
|
|
|
{
|
|
|
|
/* It may sound weird, but actually MS only updated Count on
|
|
|
|
* successful write. So, it cannot measure the amount of space needed!
|
|
|
|
* This is really tricky.
|
|
|
|
*/
|
|
|
|
if (Count < cb / sizeof(DWORD))
|
|
|
|
{
|
2018-04-23 09:42:32 +00:00
|
|
|
lpidProcess[Count] = HandleToUlong(ProcInfo->UniqueProcessId);
|
2013-10-30 10:56:02 +00:00
|
|
|
Count++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ProcInfo->NextEntryOffset == 0)
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
ProcInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ProcInfo + ProcInfo->NextEntryOffset);
|
|
|
|
}
|
|
|
|
while (TRUE);
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
*lpcbNeeded = Count * sizeof(DWORD);
|
|
|
|
}
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(_SEH2_GetExceptionCode()));
|
|
|
|
LocalFree(ProcInfoArray);
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
}
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
LocalFree(ProcInfoArray);
|
|
|
|
return TRUE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
EnumProcessModules(HANDLE hProcess,
|
|
|
|
HMODULE *lphModule,
|
|
|
|
DWORD cb,
|
|
|
|
LPDWORD lpcbNeeded)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
DWORD NbOfModules, Count;
|
|
|
|
PPEB_LDR_DATA LoaderData;
|
|
|
|
PLIST_ENTRY ListHead, ListEntry;
|
|
|
|
PROCESS_BASIC_INFORMATION ProcInfo;
|
|
|
|
LDR_DATA_TABLE_ENTRY CurrentModule;
|
|
|
|
|
|
|
|
/* Query the process information to get its PEB address */
|
|
|
|
Status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &ProcInfo, sizeof(ProcInfo), NULL);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
if (ProcInfo.PebBaseAddress == NULL)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(STATUS_PARTIAL_COPY));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Read loader data address from PEB */
|
|
|
|
if (!ReadProcessMemory(hProcess, &ProcInfo.PebBaseAddress->Ldr, &LoaderData, sizeof(LoaderData), NULL))
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Store list head address */
|
|
|
|
ListHead = &LoaderData->InLoadOrderModuleList;
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Read first element in the modules list */
|
|
|
|
if (!ReadProcessMemory(hProcess, &LoaderData->InLoadOrderModuleList.Flink, &ListEntry, sizeof(ListEntry), NULL))
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
NbOfModules = cb / sizeof(HMODULE);
|
|
|
|
Count = 0;
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Loop on the modules */
|
|
|
|
while (ListEntry != ListHead)
|
|
|
|
{
|
|
|
|
/* Load module data */
|
|
|
|
if (!ReadProcessMemory(hProcess,
|
|
|
|
CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks),
|
|
|
|
&CurrentModule,
|
|
|
|
sizeof(CurrentModule),
|
|
|
|
NULL))
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check if we can output module, do it if so */
|
|
|
|
if (Count < NbOfModules)
|
|
|
|
{
|
|
|
|
_SEH2_TRY
|
|
|
|
{
|
|
|
|
lphModule[Count] = CurrentModule.DllBase;
|
|
|
|
}
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(_SEH2_GetExceptionCode()));
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
}
|
|
|
|
_SEH2_END;
|
|
|
|
}
|
|
|
|
|
|
|
|
++Count;
|
|
|
|
if (Count > MAX_MODULES)
|
|
|
|
{
|
|
|
|
SetLastError(ERROR_INVALID_HANDLE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get to next listed module */
|
|
|
|
ListEntry = CurrentModule.InLoadOrderLinks.Flink;
|
|
|
|
}
|
|
|
|
|
|
|
|
_SEH2_TRY
|
|
|
|
{
|
|
|
|
*lpcbNeeded = Count * sizeof(HMODULE);
|
|
|
|
}
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(_SEH2_GetExceptionCode()));
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
}
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
return TRUE;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetDeviceDriverBaseNameA(LPVOID ImageBase,
|
|
|
|
LPSTR lpBaseName,
|
|
|
|
DWORD nSize)
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2020-01-03 20:43:44 +00:00
|
|
|
SIZE_T Len, LenWithNull;
|
2013-10-30 10:56:02 +00:00
|
|
|
RTL_PROCESS_MODULE_INFORMATION Module;
|
|
|
|
|
|
|
|
/* Get the associated device driver to the base address */
|
|
|
|
if (!FindDeviceDriver(ImageBase, &Module))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* And copy as much as possible to output buffer.
|
|
|
|
* Try to add 1 to the len, to copy the null char as well.
|
|
|
|
*/
|
|
|
|
Len =
|
|
|
|
LenWithNull = strlen(&Module.FullPathName[Module.OffsetToFileName]) + 1;
|
|
|
|
if (Len > nSize)
|
|
|
|
{
|
|
|
|
Len = nSize;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(lpBaseName, &Module.FullPathName[Module.OffsetToFileName], Len);
|
|
|
|
/* In case we copied null char, remove it from final len */
|
|
|
|
if (Len == LenWithNull)
|
|
|
|
{
|
|
|
|
--Len;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Len;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetDeviceDriverFileNameA(LPVOID ImageBase,
|
|
|
|
LPSTR lpFilename,
|
|
|
|
DWORD nSize)
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2020-01-03 20:43:44 +00:00
|
|
|
SIZE_T Len, LenWithNull;
|
2013-10-30 10:56:02 +00:00
|
|
|
RTL_PROCESS_MODULE_INFORMATION Module;
|
|
|
|
|
|
|
|
/* Get the associated device driver to the base address */
|
|
|
|
if (!FindDeviceDriver(ImageBase, &Module))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* And copy as much as possible to output buffer.
|
|
|
|
* Try to add 1 to the len, to copy the null char as well.
|
|
|
|
*/
|
|
|
|
Len =
|
|
|
|
LenWithNull = strlen(Module.FullPathName) + 1;
|
|
|
|
if (Len > nSize)
|
|
|
|
{
|
|
|
|
Len = nSize;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(lpFilename, Module.FullPathName, Len);
|
|
|
|
/* In case we copied null char, remove it from final len */
|
|
|
|
if (Len == LenWithNull)
|
|
|
|
{
|
|
|
|
--Len;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Len;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetDeviceDriverBaseNameW(LPVOID ImageBase,
|
|
|
|
LPWSTR lpBaseName,
|
|
|
|
DWORD nSize)
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Len;
|
|
|
|
LPSTR BaseName;
|
|
|
|
|
|
|
|
/* Allocate internal buffer for conversion */
|
|
|
|
BaseName = LocalAlloc(LMEM_FIXED, nSize);
|
|
|
|
if (BaseName == 0)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call A API */
|
|
|
|
Len = GetDeviceDriverBaseNameA(ImageBase, BaseName, nSize);
|
|
|
|
if (Len == 0)
|
|
|
|
{
|
|
|
|
LocalFree(BaseName);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* And convert output */
|
|
|
|
if (MultiByteToWideChar(CP_ACP, 0, BaseName, (Len < nSize) ? Len + 1 : Len, lpBaseName, nSize) == 0)
|
|
|
|
{
|
|
|
|
LocalFree(BaseName);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
LocalFree(BaseName);
|
|
|
|
return Len;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetDeviceDriverFileNameW(LPVOID ImageBase,
|
|
|
|
LPWSTR lpFilename,
|
|
|
|
DWORD nSize)
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Len;
|
|
|
|
LPSTR FileName;
|
|
|
|
|
|
|
|
/* Allocate internal buffer for conversion */
|
|
|
|
FileName = LocalAlloc(LMEM_FIXED, nSize);
|
|
|
|
if (FileName == 0)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call A API */
|
|
|
|
Len = GetDeviceDriverFileNameA(ImageBase, FileName, nSize);
|
|
|
|
if (Len == 0)
|
|
|
|
{
|
|
|
|
LocalFree(FileName);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* And convert output */
|
|
|
|
if (MultiByteToWideChar(CP_ACP, 0, FileName, (Len < nSize) ? Len + 1 : Len, lpFilename, nSize) == 0)
|
|
|
|
{
|
|
|
|
LocalFree(FileName);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
LocalFree(FileName);
|
|
|
|
return Len;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetMappedFileNameA(HANDLE hProcess,
|
|
|
|
LPVOID lpv,
|
|
|
|
LPSTR lpFilename,
|
|
|
|
DWORD nSize)
|
2002-08-31 15:36:56 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Len;
|
|
|
|
LPWSTR FileName;
|
|
|
|
|
2013-10-30 10:58:31 +00:00
|
|
|
DPRINT("GetMappedFileNameA(%p, %p, %p, %lu)\n", hProcess, lpv, lpFilename, nSize);
|
2013-10-30 10:56:02 +00:00
|
|
|
|
|
|
|
/* Allocate internal buffer for conversion */
|
|
|
|
FileName = LocalAlloc(LMEM_FIXED, nSize * sizeof(WCHAR));
|
|
|
|
if (FileName == NULL)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call W API */
|
|
|
|
Len = GetMappedFileNameW(hProcess, lpv, FileName, nSize);
|
|
|
|
|
|
|
|
/* And convert output */
|
|
|
|
if (WideCharToMultiByte(CP_ACP, 0, FileName, (Len < nSize) ? Len + 1 : Len, lpFilename, nSize, NULL, NULL) == 0)
|
|
|
|
{
|
|
|
|
Len = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
LocalFree(FileName);
|
|
|
|
return Len;
|
2002-08-31 15:36:56 +00:00
|
|
|
}
|
2004-10-31 01:23:05 +00:00
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
|
|
|
WINAPI
|
|
|
|
GetMappedFileNameW(HANDLE hProcess,
|
|
|
|
LPVOID lpv,
|
|
|
|
LPWSTR lpFilename,
|
|
|
|
DWORD nSize)
|
|
|
|
{
|
|
|
|
DWORD Len;
|
2018-04-23 09:42:32 +00:00
|
|
|
SIZE_T OutSize;
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
MEMORY_SECTION_NAME;
|
|
|
|
WCHAR CharBuffer[MAX_PATH];
|
|
|
|
} SectionName;
|
|
|
|
|
2013-10-30 10:58:31 +00:00
|
|
|
DPRINT("GetMappedFileNameW(%p, %p, %p, %lu)\n", hProcess, lpv, lpFilename, nSize);
|
2013-10-30 10:56:02 +00:00
|
|
|
|
|
|
|
/* If no buffer, no need to keep going on */
|
|
|
|
if (nSize == 0)
|
|
|
|
{
|
|
|
|
SetLastError(ERROR_INSUFFICIENT_BUFFER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Query section name */
|
|
|
|
Status = NtQueryVirtualMemory(hProcess, lpv, MemorySectionName,
|
|
|
|
&SectionName, sizeof(SectionName), &OutSize);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Prepare to copy file name */
|
|
|
|
Len =
|
|
|
|
OutSize = SectionName.SectionFileName.Length / sizeof(WCHAR);
|
|
|
|
if (OutSize + 1 > nSize)
|
|
|
|
{
|
|
|
|
Len = nSize - 1;
|
|
|
|
OutSize = nSize;
|
|
|
|
SetLastError(ERROR_INSUFFICIENT_BUFFER);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
SetLastError(ERROR_SUCCESS);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Copy, zero and return */
|
|
|
|
memcpy(lpFilename, SectionName.SectionFileName.Buffer, Len * sizeof(WCHAR));
|
|
|
|
lpFilename[Len] = 0;
|
|
|
|
|
|
|
|
return OutSize;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetModuleBaseNameA(HANDLE hProcess,
|
|
|
|
HMODULE hModule,
|
|
|
|
LPSTR lpBaseName,
|
|
|
|
DWORD nSize)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Len;
|
|
|
|
PWSTR BaseName;
|
|
|
|
|
|
|
|
/* Allocate internal buffer for conversion */
|
|
|
|
BaseName = LocalAlloc(LMEM_FIXED, nSize * sizeof(WCHAR));
|
|
|
|
if (BaseName == NULL)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call W API */
|
|
|
|
Len = GetModuleBaseNameW(hProcess, hModule, BaseName, nSize);
|
|
|
|
/* And convert output */
|
|
|
|
if (WideCharToMultiByte(CP_ACP, 0, BaseName, (Len < nSize) ? Len + 1 : Len, lpBaseName, nSize, NULL, NULL) == 0)
|
|
|
|
{
|
|
|
|
Len = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
LocalFree(BaseName);
|
|
|
|
|
|
|
|
return Len;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetModuleBaseNameW(HANDLE hProcess,
|
|
|
|
HMODULE hModule,
|
|
|
|
LPWSTR lpBaseName,
|
|
|
|
DWORD nSize)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Len;
|
|
|
|
LDR_DATA_TABLE_ENTRY Module;
|
|
|
|
|
|
|
|
/* Get the matching module */
|
|
|
|
if (!FindModule(hProcess, hModule, &Module))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the maximum len we have/can write in given size */
|
|
|
|
Len = Module.BaseDllName.Length + sizeof(UNICODE_NULL);
|
|
|
|
if (nSize * sizeof(WCHAR) < Len)
|
|
|
|
{
|
|
|
|
Len = nSize * sizeof(WCHAR);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Read string */
|
|
|
|
if (!ReadProcessMemory(hProcess, (&Module.BaseDllName)->Buffer, lpBaseName, Len, NULL))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If we are at the end of the string, prepare to override to nullify string */
|
|
|
|
if (Len == Module.BaseDllName.Length + sizeof(UNICODE_NULL))
|
|
|
|
{
|
|
|
|
Len -= sizeof(UNICODE_NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Nullify at the end if needed */
|
|
|
|
if (Len >= nSize * sizeof(WCHAR))
|
|
|
|
{
|
|
|
|
if (nSize)
|
|
|
|
{
|
|
|
|
ASSERT(nSize >= sizeof(UNICODE_NULL));
|
|
|
|
lpBaseName[nSize - 1] = UNICODE_NULL;
|
|
|
|
}
|
|
|
|
}
|
2016-11-12 21:53:33 +00:00
|
|
|
/* Otherwise, nullify at last written char */
|
2013-10-30 10:56:02 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
ASSERT(Len + sizeof(UNICODE_NULL) <= nSize * sizeof(WCHAR));
|
|
|
|
lpBaseName[Len / sizeof(WCHAR)] = UNICODE_NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Len / sizeof(WCHAR);
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetModuleFileNameExA(HANDLE hProcess,
|
|
|
|
HMODULE hModule,
|
|
|
|
LPSTR lpFilename,
|
|
|
|
DWORD nSize)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Len;
|
|
|
|
PWSTR Filename;
|
|
|
|
|
|
|
|
/* Allocate internal buffer for conversion */
|
|
|
|
Filename = LocalAlloc(LMEM_FIXED, nSize * sizeof(WCHAR));
|
|
|
|
if (Filename == NULL)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call W API */
|
|
|
|
Len = GetModuleFileNameExW(hProcess, hModule, Filename, nSize);
|
|
|
|
/* And convert output */
|
|
|
|
if (WideCharToMultiByte(CP_ACP, 0, Filename, (Len < nSize) ? Len + 1 : Len, lpFilename, nSize, NULL, NULL) == 0)
|
|
|
|
{
|
|
|
|
Len = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
LocalFree(Filename);
|
|
|
|
|
|
|
|
return Len;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetModuleFileNameExW(HANDLE hProcess,
|
|
|
|
HMODULE hModule,
|
|
|
|
LPWSTR lpFilename,
|
|
|
|
DWORD nSize)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
DWORD Len;
|
|
|
|
LDR_DATA_TABLE_ENTRY Module;
|
|
|
|
|
|
|
|
/* Get the matching module */
|
|
|
|
if (!FindModule(hProcess, hModule, &Module))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the maximum len we have/can write in given size */
|
|
|
|
Len = Module.FullDllName.Length + sizeof(UNICODE_NULL);
|
|
|
|
if (nSize * sizeof(WCHAR) < Len)
|
|
|
|
{
|
|
|
|
Len = nSize * sizeof(WCHAR);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Read string */
|
|
|
|
if (!ReadProcessMemory(hProcess, (&Module.FullDllName)->Buffer, lpFilename, Len, NULL))
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If we are at the end of the string, prepare to override to nullify string */
|
|
|
|
if (Len == Module.FullDllName.Length + sizeof(UNICODE_NULL))
|
|
|
|
{
|
|
|
|
Len -= sizeof(UNICODE_NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Nullify at the end if needed */
|
|
|
|
if (Len >= nSize * sizeof(WCHAR))
|
|
|
|
{
|
|
|
|
if (nSize)
|
|
|
|
{
|
|
|
|
ASSERT(nSize >= sizeof(UNICODE_NULL));
|
|
|
|
lpFilename[nSize - 1] = UNICODE_NULL;
|
|
|
|
}
|
|
|
|
}
|
2016-11-12 21:53:33 +00:00
|
|
|
/* Otherwise, nullify at last written char */
|
2013-10-30 10:56:02 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
ASSERT(Len + sizeof(UNICODE_NULL) <= nSize * sizeof(WCHAR));
|
|
|
|
lpFilename[Len / sizeof(WCHAR)] = UNICODE_NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Len / sizeof(WCHAR);
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-02 23:42:49 +00:00
|
|
|
GetModuleInformation(HANDLE hProcess,
|
|
|
|
HMODULE hModule,
|
|
|
|
LPMODULEINFO lpmodinfo,
|
|
|
|
DWORD cb)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
MODULEINFO LocalInfo;
|
|
|
|
LDR_DATA_TABLE_ENTRY Module;
|
2008-09-19 14:15:05 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Check output size */
|
|
|
|
if (cb < sizeof(MODULEINFO))
|
|
|
|
{
|
|
|
|
SetLastError(ERROR_INSUFFICIENT_BUFFER);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the matching module */
|
|
|
|
if (!FindModule(hProcess, hModule, &Module))
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get a local copy first, to check for valid pointer once */
|
|
|
|
LocalInfo.lpBaseOfDll = hModule;
|
|
|
|
LocalInfo.SizeOfImage = Module.SizeOfImage;
|
|
|
|
LocalInfo.EntryPoint = Module.EntryPoint;
|
|
|
|
|
|
|
|
/* Attempt to copy to output */
|
|
|
|
_SEH2_TRY
|
|
|
|
{
|
|
|
|
memcpy(lpmodinfo, &LocalInfo, sizeof(LocalInfo));
|
|
|
|
}
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(_SEH2_GetExceptionCode()));
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
}
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
return TRUE;
|
2004-11-02 23:42:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
2004-10-31 01:23:05 +00:00
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-10-31 01:23:05 +00:00
|
|
|
InitializeProcessForWsWatch(HANDLE hProcess)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
2004-10-31 01:23:05 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Simply forward the call */
|
|
|
|
Status = NtSetInformationProcess(hProcess,
|
|
|
|
ProcessWorkingSetWatch,
|
|
|
|
NULL,
|
|
|
|
0);
|
|
|
|
/* In case the function returns this, MS considers the call as a success */
|
|
|
|
if (NT_SUCCESS(Status) || Status == STATUS_PORT_ALREADY_SET || Status == STATUS_ACCESS_DENIED)
|
|
|
|
{
|
|
|
|
return TRUE;
|
|
|
|
}
|
2004-10-31 01:23:05 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
2004-10-31 01:23:05 +00:00
|
|
|
}
|
|
|
|
|
2004-11-02 23:42:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
2004-10-31 01:23:05 +00:00
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-10-31 01:23:05 +00:00
|
|
|
GetWsChanges(HANDLE hProcess,
|
|
|
|
PPSAPI_WS_WATCH_INFORMATION lpWatchInfo,
|
|
|
|
DWORD cb)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
2004-10-31 01:23:05 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Simply forward the call */
|
|
|
|
Status = NtQueryInformationProcess(hProcess,
|
|
|
|
ProcessWorkingSetWatch,
|
|
|
|
lpWatchInfo,
|
|
|
|
cb,
|
|
|
|
NULL);
|
|
|
|
if(!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-10-31 01:23:05 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
return TRUE;
|
2004-10-31 01:23:05 +00:00
|
|
|
}
|
|
|
|
|
2004-11-05 23:53:06 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-05 23:53:06 +00:00
|
|
|
GetProcessImageFileNameW(HANDLE hProcess,
|
|
|
|
LPWSTR lpImageFileName,
|
|
|
|
DWORD nSize)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
PUNICODE_STRING ImageFileName;
|
|
|
|
SIZE_T BufferSize;
|
|
|
|
NTSTATUS Status;
|
|
|
|
DWORD Len;
|
|
|
|
|
|
|
|
/* Allocate string big enough to hold name */
|
|
|
|
BufferSize = sizeof(UNICODE_STRING) + (nSize * sizeof(WCHAR));
|
|
|
|
ImageFileName = LocalAlloc(LMEM_FIXED, BufferSize);
|
|
|
|
if (ImageFileName == NULL)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2004-11-05 23:53:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Query name */
|
2004-11-05 23:53:06 +00:00
|
|
|
Status = NtQueryInformationProcess(hProcess,
|
|
|
|
ProcessImageFileName,
|
|
|
|
ImageFileName,
|
|
|
|
BufferSize,
|
|
|
|
NULL);
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Len mismatch => buffer too small */
|
|
|
|
if (Status == STATUS_INFO_LENGTH_MISMATCH)
|
2004-11-05 23:53:06 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
Status = STATUS_BUFFER_TOO_SMALL;
|
2004-11-05 23:53:06 +00:00
|
|
|
}
|
2013-10-30 10:56:02 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
2004-11-06 01:42:04 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
LocalFree(ImageFileName);
|
|
|
|
return 0;
|
2004-11-06 01:42:04 +00:00
|
|
|
}
|
2013-10-30 10:56:02 +00:00
|
|
|
|
|
|
|
/* Copy name and null-terminate if possible */
|
|
|
|
memcpy(lpImageFileName, ImageFileName->Buffer, ImageFileName->Length);
|
|
|
|
Len = ImageFileName->Length / sizeof(WCHAR);
|
|
|
|
if (Len < nSize)
|
2004-11-05 23:53:06 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
lpImageFileName[Len] = UNICODE_NULL;
|
2004-11-05 23:53:06 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
LocalFree(ImageFileName);
|
|
|
|
return Len;
|
2004-11-05 23:53:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
DWORD
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-05 23:53:06 +00:00
|
|
|
GetProcessImageFileNameA(HANDLE hProcess,
|
|
|
|
LPSTR lpImageFileName,
|
|
|
|
DWORD nSize)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
PUNICODE_STRING ImageFileName;
|
|
|
|
SIZE_T BufferSize;
|
|
|
|
NTSTATUS Status;
|
|
|
|
DWORD Len;
|
|
|
|
|
|
|
|
/* Allocate string big enough to hold name */
|
|
|
|
BufferSize = sizeof(UNICODE_STRING) + (nSize * sizeof(WCHAR));
|
|
|
|
ImageFileName = LocalAlloc(LMEM_FIXED, BufferSize);
|
|
|
|
if (ImageFileName == NULL)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2004-11-05 23:53:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Query name */
|
2004-11-05 23:53:06 +00:00
|
|
|
Status = NtQueryInformationProcess(hProcess,
|
|
|
|
ProcessImageFileName,
|
|
|
|
ImageFileName,
|
|
|
|
BufferSize,
|
|
|
|
NULL);
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Len mismatch => buffer too small */
|
|
|
|
if (Status == STATUS_INFO_LENGTH_MISMATCH)
|
2004-11-05 23:53:06 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
Status = STATUS_BUFFER_TOO_SMALL;
|
2004-11-05 23:53:06 +00:00
|
|
|
}
|
2013-10-30 10:56:02 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
2004-11-06 01:42:04 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
LocalFree(ImageFileName);
|
|
|
|
return 0;
|
2004-11-06 01:42:04 +00:00
|
|
|
}
|
2013-10-30 10:56:02 +00:00
|
|
|
|
|
|
|
/* Copy name */
|
|
|
|
Len = WideCharToMultiByte(CP_ACP, 0, ImageFileName->Buffer,
|
|
|
|
ImageFileName->Length, lpImageFileName, nSize, NULL, NULL);
|
2016-11-12 21:53:33 +00:00
|
|
|
/* If conversion was successful, don't return len with added \0 */
|
2013-10-30 10:56:02 +00:00
|
|
|
if (Len != 0)
|
2004-11-05 23:53:06 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
Len -= sizeof(ANSI_NULL);
|
2004-11-06 01:42:04 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
LocalFree(ImageFileName);
|
|
|
|
return Len;
|
2004-11-06 01:42:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-06 01:42:04 +00:00
|
|
|
EnumPageFilesA(PENUM_PAGE_FILE_CALLBACKA pCallbackRoutine,
|
|
|
|
LPVOID lpContext)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
BOOL Ret;
|
|
|
|
INTERNAL_ENUM_PAGE_FILES_CONTEXT Context;
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
Context.dwErrCode = ERROR_SUCCESS;
|
|
|
|
Context.lpContext = lpContext;
|
|
|
|
Context.pCallbackRoutine = pCallbackRoutine;
|
2007-10-19 23:21:45 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Call W with our own callback for W -> A conversions */
|
|
|
|
Ret = EnumPageFilesW(CallBackConvertToAscii, &Context);
|
|
|
|
/* If we succeed but we have error code, fail and set error */
|
|
|
|
if (Ret && Context.dwErrCode != ERROR_SUCCESS)
|
|
|
|
{
|
|
|
|
Ret = FALSE;
|
|
|
|
SetLastError(Context.dwErrCode);
|
|
|
|
}
|
|
|
|
|
|
|
|
return Ret;
|
2004-11-06 01:42:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-06 01:42:04 +00:00
|
|
|
EnumPageFilesW(PENUM_PAGE_FILE_CALLBACKW pCallbackRoutine,
|
|
|
|
LPVOID lpContext)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
PWSTR Colon;
|
|
|
|
NTSTATUS Status;
|
|
|
|
DWORD Size = INIT_MEMORY_SIZE, Needed;
|
2004-11-06 01:42:04 +00:00
|
|
|
ENUM_PAGE_FILE_INFORMATION Information;
|
2013-10-30 10:56:02 +00:00
|
|
|
PSYSTEM_PAGEFILE_INFORMATION PageFileInfoArray, PageFileInfo;
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* First loop till we have all the information about page files */
|
2004-11-06 01:42:04 +00:00
|
|
|
do
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
PageFileInfoArray = LocalAlloc(LMEM_FIXED, Size);
|
|
|
|
if (PageFileInfoArray == NULL)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
Status = NtQuerySystemInformation(SystemPageFileInformation, PageFileInfoArray, Size, &Needed);
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
LocalFree(PageFileInfoArray);
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* In case we have unexpected status, quit */
|
|
|
|
if (Status != STATUS_INFO_LENGTH_MISMATCH)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* If needed size is smaller than actual size, guess it's something to add to our current size */
|
|
|
|
if (Needed <= Size)
|
|
|
|
{
|
|
|
|
Size += Needed;
|
|
|
|
}
|
|
|
|
/* Otherwise, take it as size to allocate */
|
|
|
|
else
|
|
|
|
{
|
|
|
|
Size = Needed;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
while (TRUE);
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Start browsing all our entries */
|
|
|
|
PageFileInfo = PageFileInfoArray;
|
|
|
|
do
|
|
|
|
{
|
|
|
|
/* Ensure we really have an entry */
|
|
|
|
if (Needed < sizeof(SYSTEM_PAGEFILE_INFORMATION))
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
2004-11-05 23:53:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Prepare structure to hand to the user */
|
|
|
|
Information.Reserved = 0;
|
|
|
|
Information.cb = sizeof(Information);
|
|
|
|
Information.TotalSize = PageFileInfo->TotalSize;
|
|
|
|
Information.TotalInUse = PageFileInfo->TotalInUse;
|
|
|
|
Information.PeakUsage = PageFileInfo->PeakUsage;
|
|
|
|
|
|
|
|
/* Search for colon */
|
|
|
|
Colon = wcschr(PageFileInfo->PageFileName.Buffer, L':');
|
|
|
|
/* If it's found and not at the begin of the string */
|
|
|
|
if (Colon != 0 && Colon != PageFileInfo->PageFileName.Buffer)
|
|
|
|
{
|
|
|
|
/* We can call the user callback routine with the colon */
|
2014-04-27 18:35:46 +00:00
|
|
|
--Colon;
|
2013-10-30 10:56:02 +00:00
|
|
|
pCallbackRoutine(lpContext, &Information, Colon);
|
|
|
|
}
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* If no next entry, then, it's over */
|
|
|
|
if (PageFileInfo->NextEntryOffset == 0 || PageFileInfo->NextEntryOffset > Needed)
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
2004-11-05 23:53:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Jump to next entry while keeping accurate bytes left count */
|
|
|
|
Needed -= PageFileInfo->NextEntryOffset;
|
|
|
|
PageFileInfo = (PSYSTEM_PAGEFILE_INFORMATION)((ULONG_PTR)PageFileInfo + PageFileInfo->NextEntryOffset);
|
|
|
|
}
|
|
|
|
while (TRUE);
|
2004-11-06 01:42:04 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
LocalFree(PageFileInfoArray);
|
|
|
|
return TRUE;
|
2004-11-05 23:53:06 +00:00
|
|
|
}
|
|
|
|
|
2004-11-06 11:45:47 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2004-11-06 11:45:47 +00:00
|
|
|
GetPerformanceInfo(PPERFORMANCE_INFORMATION pPerformanceInformation,
|
|
|
|
DWORD cb)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
SYSTEM_BASIC_INFORMATION SystemBasicInfo;
|
|
|
|
SYSTEM_PERFORMANCE_INFORMATION SystemPerfInfo;
|
|
|
|
SYSTEM_FILECACHE_INFORMATION SystemFileCacheInfo;
|
|
|
|
PSYSTEM_PROCESS_INFORMATION ProcInfoArray, SystemProcInfo;
|
|
|
|
DWORD Size = INIT_MEMORY_SIZE, Needed, ProcCount, ThreadsCount, HandleCount;
|
|
|
|
|
|
|
|
/* Validate output buffer */
|
|
|
|
if (cb < sizeof(PERFORMANCE_INFORMATION))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(STATUS_INFO_LENGTH_MISMATCH));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* First, gather as many information about the system as possible */
|
|
|
|
Status = NtQuerySystemInformation(SystemBasicInformation,
|
|
|
|
&SystemBasicInfo,
|
|
|
|
sizeof(SystemBasicInfo),
|
|
|
|
NULL);
|
|
|
|
if (!NT_SUCCESS(Status))
|
2004-11-06 11:45:47 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
2004-11-06 11:45:47 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
Status = NtQuerySystemInformation(SystemPerformanceInformation,
|
|
|
|
&SystemPerfInfo,
|
|
|
|
sizeof(SystemPerfInfo),
|
2004-11-06 11:45:47 +00:00
|
|
|
NULL);
|
2013-10-30 10:56:02 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
2004-11-06 11:45:47 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
2004-11-06 11:45:47 +00:00
|
|
|
}
|
2013-10-30 10:56:02 +00:00
|
|
|
|
|
|
|
Status = NtQuerySystemInformation(SystemFileCacheInformation,
|
|
|
|
&SystemFileCacheInfo,
|
|
|
|
sizeof(SystemFileCacheInfo),
|
|
|
|
NULL);
|
|
|
|
if (!NT_SUCCESS(Status))
|
2004-11-06 11:45:47 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
2004-11-06 11:45:47 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Then loop till we have all the information about processes */
|
|
|
|
do
|
|
|
|
{
|
|
|
|
ProcInfoArray = LocalAlloc(LMEM_FIXED, Size);
|
|
|
|
if (ProcInfoArray == NULL)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(STATUS_INSUFFICIENT_RESOURCES));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
Status = NtQuerySystemInformation(SystemProcessInformation,
|
|
|
|
ProcInfoArray,
|
|
|
|
Size,
|
|
|
|
&Needed);
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
LocalFree(ProcInfoArray);
|
2004-11-06 11:45:47 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* In case we have unexpected status, quit */
|
|
|
|
if (Status != STATUS_INFO_LENGTH_MISMATCH)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If needed size is smaller than actual size, guess it's something to add to our current size */
|
|
|
|
if (Needed <= Size)
|
|
|
|
{
|
|
|
|
Size += Needed;
|
|
|
|
}
|
|
|
|
/* Otherwise, take it as size to allocate */
|
|
|
|
else
|
|
|
|
{
|
|
|
|
Size = Needed;
|
|
|
|
}
|
|
|
|
} while (TRUE);
|
|
|
|
|
|
|
|
/* Start browsing all our entries */
|
|
|
|
ProcCount = 0;
|
|
|
|
HandleCount = 0;
|
|
|
|
ThreadsCount = 0;
|
|
|
|
SystemProcInfo = ProcInfoArray;
|
|
|
|
do
|
|
|
|
{
|
|
|
|
/* Ensure we really have an entry */
|
|
|
|
if (Needed < sizeof(SYSTEM_PROCESS_INFORMATION))
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Sum procs, threads and handles */
|
|
|
|
++ProcCount;
|
|
|
|
ThreadsCount += SystemProcInfo->NumberOfThreads;
|
|
|
|
HandleCount += SystemProcInfo->HandleCount;
|
|
|
|
|
|
|
|
/* If no next entry, then, it's over */
|
|
|
|
if (SystemProcInfo->NextEntryOffset == 0 || SystemProcInfo->NextEntryOffset > Needed)
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Jump to next entry while keeping accurate bytes left count */
|
|
|
|
Needed -= SystemProcInfo->NextEntryOffset;
|
|
|
|
SystemProcInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)SystemProcInfo + SystemProcInfo->NextEntryOffset);
|
|
|
|
}
|
|
|
|
while (TRUE);
|
|
|
|
|
|
|
|
LocalFree(ProcInfoArray);
|
|
|
|
|
|
|
|
/* Output data */
|
|
|
|
pPerformanceInformation->CommitTotal = SystemPerfInfo.CommittedPages;
|
|
|
|
pPerformanceInformation->CommitLimit = SystemPerfInfo.CommitLimit;
|
|
|
|
pPerformanceInformation->CommitPeak = SystemPerfInfo.PeakCommitment;
|
|
|
|
pPerformanceInformation->PhysicalTotal = SystemBasicInfo.NumberOfPhysicalPages;
|
|
|
|
pPerformanceInformation->PhysicalAvailable = SystemPerfInfo.AvailablePages;
|
|
|
|
pPerformanceInformation->SystemCache = SystemFileCacheInfo.CurrentSizeIncludingTransitionInPages;
|
|
|
|
pPerformanceInformation->KernelNonpaged = SystemPerfInfo.NonPagedPoolPages;
|
|
|
|
pPerformanceInformation->PageSize = SystemBasicInfo.PageSize;
|
|
|
|
pPerformanceInformation->cb = sizeof(PERFORMANCE_INFORMATION);
|
|
|
|
pPerformanceInformation->KernelTotal = SystemPerfInfo.PagedPoolPages + SystemPerfInfo.NonPagedPoolPages;
|
|
|
|
pPerformanceInformation->KernelPaged = SystemPerfInfo.PagedPoolPages;
|
|
|
|
pPerformanceInformation->HandleCount = HandleCount;
|
|
|
|
pPerformanceInformation->ProcessCount = ProcCount;
|
|
|
|
pPerformanceInformation->ThreadCount = ThreadsCount;
|
|
|
|
|
|
|
|
return TRUE;
|
2004-11-06 11:45:47 +00:00
|
|
|
}
|
|
|
|
|
2005-01-15 02:33:06 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2005-01-15 02:33:06 +00:00
|
|
|
GetProcessMemoryInfo(HANDLE Process,
|
|
|
|
PPROCESS_MEMORY_COUNTERS ppsmemCounters,
|
|
|
|
DWORD cb)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
VM_COUNTERS_EX Counters;
|
2005-01-15 02:33:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Validate output size
|
|
|
|
* It can be either PROCESS_MEMORY_COUNTERS or PROCESS_MEMORY_COUNTERS_EX
|
|
|
|
*/
|
|
|
|
if (cb < sizeof(PROCESS_MEMORY_COUNTERS))
|
2005-01-15 02:33:06 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
SetLastError(ERROR_INSUFFICIENT_BUFFER);
|
|
|
|
return FALSE;
|
2005-01-15 02:33:06 +00:00
|
|
|
}
|
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
_SEH2_TRY
|
2005-01-15 02:33:06 +00:00
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
ppsmemCounters->PeakPagefileUsage = 0;
|
|
|
|
|
|
|
|
/* Query counters */
|
|
|
|
Status = NtQueryInformationProcess(Process,
|
|
|
|
ProcessVmCounters,
|
|
|
|
&Counters,
|
|
|
|
sizeof(Counters),
|
|
|
|
NULL);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
}
|
2005-01-15 02:33:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Properly set cb, according to what we received */
|
|
|
|
if (cb >= sizeof(PROCESS_MEMORY_COUNTERS_EX))
|
|
|
|
{
|
|
|
|
ppsmemCounters->cb = sizeof(PROCESS_MEMORY_COUNTERS_EX);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ppsmemCounters->cb = sizeof(PROCESS_MEMORY_COUNTERS);
|
|
|
|
}
|
2005-01-15 02:33:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
/* Output data */
|
|
|
|
ppsmemCounters->PageFaultCount = Counters.PageFaultCount;
|
|
|
|
ppsmemCounters->PeakWorkingSetSize = Counters.PeakWorkingSetSize;
|
|
|
|
ppsmemCounters->WorkingSetSize = Counters.WorkingSetSize;
|
|
|
|
ppsmemCounters->QuotaPeakPagedPoolUsage = Counters.QuotaPeakPagedPoolUsage;
|
|
|
|
ppsmemCounters->QuotaPagedPoolUsage = Counters.QuotaPagedPoolUsage;
|
|
|
|
ppsmemCounters->QuotaPeakNonPagedPoolUsage = Counters.QuotaPeakNonPagedPoolUsage;
|
|
|
|
ppsmemCounters->QuotaNonPagedPoolUsage = Counters.QuotaNonPagedPoolUsage;
|
|
|
|
ppsmemCounters->PagefileUsage = Counters.PagefileUsage;
|
|
|
|
ppsmemCounters->PeakPagefileUsage = Counters.PeakPagefileUsage;
|
2016-11-12 21:53:33 +00:00
|
|
|
/* And if needed, additional field for _EX version */
|
2013-10-30 10:56:02 +00:00
|
|
|
if (cb >= sizeof(PROCESS_MEMORY_COUNTERS_EX))
|
|
|
|
{
|
|
|
|
((PPROCESS_MEMORY_COUNTERS_EX)ppsmemCounters)->PrivateUsage = Counters.PrivateUsage;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(_SEH2_GetExceptionCode()));
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
}
|
|
|
|
_SEH2_END;
|
2005-01-15 02:33:06 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
return TRUE;
|
2005-01-15 02:33:06 +00:00
|
|
|
}
|
|
|
|
|
2005-01-15 02:44:25 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* @implemented
|
|
|
|
*/
|
|
|
|
BOOL
|
2008-11-30 11:42:05 +00:00
|
|
|
WINAPI
|
2005-01-15 02:44:25 +00:00
|
|
|
QueryWorkingSet(HANDLE hProcess,
|
|
|
|
PVOID pv,
|
|
|
|
DWORD cb)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
|
|
|
|
/* Simply forward the call */
|
|
|
|
Status = NtQueryVirtualMemory(hProcess,
|
|
|
|
NULL,
|
|
|
|
MemoryWorkingSetList,
|
|
|
|
pv,
|
|
|
|
cb,
|
|
|
|
NULL);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
2005-01-15 02:44:25 +00:00
|
|
|
|
2013-10-30 10:56:02 +00:00
|
|
|
return TRUE;
|
2005-01-15 02:44:25 +00:00
|
|
|
}
|
|
|
|
|
2008-08-30 20:29:57 +00:00
|
|
|
/*
|
2013-10-30 10:56:02 +00:00
|
|
|
* @implemented
|
2008-08-30 20:29:57 +00:00
|
|
|
*/
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
QueryWorkingSetEx(IN HANDLE hProcess,
|
|
|
|
IN OUT PVOID pv,
|
|
|
|
IN DWORD cb)
|
|
|
|
{
|
2013-10-30 10:56:02 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
|
|
|
|
/* Simply forward the call */
|
|
|
|
Status = NtQueryVirtualMemory(hProcess,
|
|
|
|
NULL,
|
|
|
|
MemoryWorkingSetExList,
|
|
|
|
pv,
|
|
|
|
cb,
|
|
|
|
NULL);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
{
|
|
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
2008-08-30 20:29:57 +00:00
|
|
|
}
|
|
|
|
|
2002-06-18 22:16:53 +00:00
|
|
|
/* EOF */
|