[PATCH v2 1/6] ntoskrnl.exe: Implement PsGetProcessSectionBaseAddress() function.
Paul Gofman
pgofman at codeweavers.com
Sun May 31 10:26:20 CDT 2020
Signed-off-by: Paul Gofman <pgofman at codeweavers.com>
---
dlls/ntoskrnl.exe/ntoskrnl.c | 30 +++++++++++++++++++++++++++++
dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +-
include/ddk/ntddk.h | 1 +
3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index fbf6262b3eb..cd2143dbf99 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -4248,3 +4248,33 @@ void WINAPI KeSignalCallDpcDone(void *barrier)
{
InterlockedDecrement((LONG *)barrier);
}
+
+void * WINAPI PsGetProcessSectionBaseAddress(PEPROCESS process)
+{
+ void *image_base;
+ NTSTATUS status;
+ SIZE_T size;
+ HANDLE h;
+
+ TRACE("process %p.\n", process);
+
+ if ((status = ObOpenObjectByPointer(process, 0, NULL, PROCESS_ALL_ACCESS, NULL, KernelMode, &h)))
+ {
+ WARN("Error opening process object, status %#x.\n", status);
+ return NULL;
+ }
+
+ status = NtReadVirtualMemory(h, &process->info.PebBaseAddress->ImageBaseAddress,
+ &image_base, sizeof(image_base), &size);
+
+ NtClose(h);
+
+ if (status || size != sizeof(image_base))
+ {
+ WARN("Error reading process memory, status %#x, size %lu.\n", status, size);
+ return NULL;
+ }
+
+ TRACE("returning %p.\n", image_base);
+ return image_base;
+}
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
index 2b7f57e895f..21bb4cc2584 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
+++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
@@ -904,7 +904,7 @@
@ stub PsGetProcessJob
@ stub PsGetProcessPeb
@ stub PsGetProcessPriorityClass
-@ stub PsGetProcessSectionBaseAddress
+@ stdcall PsGetProcessSectionBaseAddress(ptr)
@ stub PsGetProcessSecurityPort
@ stub PsGetProcessSessionId
@ stub PsGetProcessWin32Process
diff --git a/include/ddk/ntddk.h b/include/ddk/ntddk.h
index 2b05fda7118..b9f8295db88 100644
--- a/include/ddk/ntddk.h
+++ b/include/ddk/ntddk.h
@@ -229,6 +229,7 @@ NTSTATUS WINAPI KeExpandKernelStackAndCallout(PEXPAND_STACK_CALLOUT,void*,SIZE_
void WINAPI KeSetTargetProcessorDpc(PRKDPC,CCHAR);
BOOLEAN WINAPI MmIsAddressValid(void *);
HANDLE WINAPI PsGetProcessId(PEPROCESS);
+void * WINAPI PsGetProcessSectionBaseAddress(PEPROCESS);
HANDLE WINAPI PsGetThreadId(PETHREAD);
HANDLE WINAPI PsGetThreadProcessId(PETHREAD);
NTSTATUS WINAPI PsRemoveLoadImageNotifyRoutine(PLOAD_IMAGE_NOTIFY_ROUTINE);
--
2.26.2
More information about the wine-devel
mailing list