Paul Gofman : ntoskrnl.exe: Implement PsGetProcessSectionBaseAddress() function.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: e58073dbf844379fcb01772e1f9cf32a251d8859
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=e58073dbf844379fcb01772e1f9cf32a251d8859

Author: Paul Gofman <pgofman at codeweavers.com>
Date:   Sun May 31 18:26:20 2020 +0300

ntoskrnl.exe: Implement PsGetProcessSectionBaseAddress() function.

Signed-off-by: Paul Gofman <pgofman at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/ntoskrnl.exe/ntoskrnl.c        | 30 ++++++++++++++++++++++++++++++
 dlls/ntoskrnl.exe/ntoskrnl.exe.spec |  2 +-
 include/ddk/ntddk.h                 |  1 +
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index fbf6262b3e..cd2143dbf9 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -4248,3 +4248,33 @@ void WINAPI KeSignalCallDpcDone(void *barrier)
 {
     InterlockedDecrement((LONG *)barrier);
 }
+
+void * WINAPI PsGetProcessSectionBaseAddress(PEPROCESS process)
+{
+    void *image_base;
+    NTSTATUS status;
+    SIZE_T size;
+    HANDLE h;
+
+    TRACE("process %p.\n", process);
+
+    if ((status = ObOpenObjectByPointer(process, 0, NULL, PROCESS_ALL_ACCESS, NULL, KernelMode, &h)))
+    {
+        WARN("Error opening process object, status %#x.\n", status);
+        return NULL;
+    }
+
+    status = NtReadVirtualMemory(h, &process->info.PebBaseAddress->ImageBaseAddress,
+            &image_base, sizeof(image_base), &size);
+
+    NtClose(h);
+
+    if (status || size != sizeof(image_base))
+    {
+        WARN("Error reading process memory, status %#x, size %lu.\n", status, size);
+        return NULL;
+    }
+
+    TRACE("returning %p.\n", image_base);
+    return image_base;
+}
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
index 3b36a62269..d27ef4aaf2 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
+++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
@@ -904,7 +904,7 @@
 @ stub PsGetProcessJob
 @ stub PsGetProcessPeb
 @ stub PsGetProcessPriorityClass
-@ stub PsGetProcessSectionBaseAddress
+@ stdcall PsGetProcessSectionBaseAddress(ptr)
 @ stub PsGetProcessSecurityPort
 @ stub PsGetProcessSessionId
 @ stub PsGetProcessWin32Process
diff --git a/include/ddk/ntddk.h b/include/ddk/ntddk.h
index 2b05fda711..b9f8295db8 100644
--- a/include/ddk/ntddk.h
+++ b/include/ddk/ntddk.h
@@ -229,6 +229,7 @@ NTSTATUS  WINAPI KeExpandKernelStackAndCallout(PEXPAND_STACK_CALLOUT,void*,SIZE_
 void      WINAPI KeSetTargetProcessorDpc(PRKDPC,CCHAR);
 BOOLEAN   WINAPI MmIsAddressValid(void *);
 HANDLE    WINAPI PsGetProcessId(PEPROCESS);
+void *    WINAPI PsGetProcessSectionBaseAddress(PEPROCESS);
 HANDLE    WINAPI PsGetThreadId(PETHREAD);
 HANDLE    WINAPI PsGetThreadProcessId(PETHREAD);
 NTSTATUS  WINAPI PsRemoveLoadImageNotifyRoutine(PLOAD_IMAGE_NOTIFY_ROUTINE);